Preventing phishing attacks is not just a technical issue
- Tuesday, October 26, 2010, 5:13
- Articles, Threat Research
A client of mine who’s a security administrator for a business in the financial industry contacted me recently about some odd behavior he was seeing on his network. Apparently, numerous spidering/mirroring requests were being sent to his company’s marketing website from a foreign country – many of which were triggering “illegal characters in host header” IPS alerts. He suspected that someone was mirroring the site to gather information for a future phishing attack and wanted my thoughts on it. Without knowing any more details or having access to trending information, etc., I told him that it’s not necessarily malicious in intent; however, I thought he was onto something with the phishing angle.
Even though the suspected malicious activity had likely been completed for some time, blocking the originating IPs at the firewall would be a good first step. However, if the attacker knows what he’s doing, he’s probably making these requests through someone else’s network, through a proxy, or via a legitimate service such as Anonymizer. So it didn’t make sense to spend too much time on that. Going beyond monitoring the IPS for future anomalies, a further-reaching measure would be to notify other key folks inside the organization such as customer service, operations, marketing, etc. so they can also be on the lookout for (continue reading...)
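As an added example (not part of the original article), the kind of monitoring described above can be sketched as a log check that flags clients which both request many distinct pages and send Host headers with illegal characters. The log format, the simplified Host rule and the `path_threshold` value are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical): ip "METHOD path" host="<Host header>"
LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" host="(?P<host>.*)"$')
# Simplified legal Host value: hostname or bracketed IPv6 literal, optional port.
HOST_RE = re.compile(r'(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d{1,5})?')

# Constructed sample lines using documentation IP ranges and example.com.
SAMPLE_LOG = [
    '203.0.113.7 "GET /" host="www.example.com"',
    '203.0.113.7 "GET /about.html" host="www.example.com"',
    '198.51.100.23 "GET /" host="www.example.com"',
    '198.51.100.23 "GET /about.html" host="www.example.com/"',
    '198.51.100.23 "GET /products.html" host="www.example.com"',
    '198.51.100.23 "GET /contact.html" host="www example.com"',
    '198.51.100.23 "GET /img/logo.png" host="www.example.com"',
    '192.0.2.50 "GET /login" host="[2001:db8::1]:8080"',
]

def analyze(lines, path_threshold=4):
    """Return per-client illegal Host values, wide crawlers, and the overlap."""
    paths = defaultdict(set)
    bad_hosts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        paths[m["ip"]].add(m["path"])
        if not HOST_RE.fullmatch(m["host"]):
            bad_hosts[m["ip"]].append(m["host"])
    # A client touching many distinct paths looks like a spider or mirroring tool.
    crawlers = {ip: len(p) for ip, p in paths.items() if len(p) >= path_threshold}
    suspects = sorted(set(bad_hosts) & set(crawlers))
    return {"bad_host": dict(bad_hosts), "crawlers": crawlers, "suspects": suspects}

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for ip in report["suspects"]:
        print(ip, report["crawlers"][ip], "paths; bad Host values:", report["bad_host"][ip])
```

A hit from this check is a lead for review rather than proof of intent, since search-engine crawlers and broken clients can produce the same pattern.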
If you have a look at “Rapport” and maybe have a chat with them, they have come up with a (technical only) solution of fighting phishing. They’ve done it with HSBC and a few other sites, and once a user accesses HSBC’s site, for instance, they are being prompted with the option to install Rapport. This bit of software states that it can add extra security to the connection between client and server and even encrypts unencrypted wifi connections (not a clue how .. defo not using a VPN); also, it keeps an eye on the client’s logging on possibly mirrored sites. I contacted them to get some tech info on how they do it .. as I tend to not simply rely on things just because they say so, but they don’t want to give out too much info on that. Can’t blame them. Considering that many banks and other types of companies rely on this service … I guess others could too. Anyway … phishing is mostly efficient because of user ignorance … I nearly fell once for it too.