Snitz Forums 2000
 Phishing
StephenD
Senior Member

Australia
1044 Posts

Posted - 31 May 2005 : 23:58:00
Not to be confused with this topic: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=58393 BTW, very nice site Neil/David. I was reading this article http://www.bluesecurity.com/the_blue_zone/2005/05/blue_security_r.html and was wondering how susceptible Snitz was to phishing attacks using the lost password link, if that seems to be a growing trend. Would the anti-spam (test your humanity) mod need to be added to the 3-step process as an added safeguard?

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 01 June 2005 : 00:33:30
To use the Forgot your password function, you need to know both the username and the e-mail address of a user. You can't just enter any known username and e-mail address; they must match.

Podge
Support Moderator

Ireland
3775 Posts

Posted - 01 June 2005 : 07:28:01
It's unlikely that Snitz would be a target for phishing or hostile profiling attacks.
If you're worried about phishing, use this - http://toolbar.netcraft.com/

Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.

Podge
Support Moderator

Ireland
3775 Posts

Posted - 01 June 2005 : 09:37:08
Or you could always write a mod to implement this:

http://www.microsoft.com/hardware/mouseandkeyboard/features/fingerprint.mspx

Podge.


Mur
Zapped Profile

24 Posts

Posted - 03 June 2005 : 06:18:07
This is really a cool subject, and most of the articles online are not technically correct.
If you have time and are interested, here's some information that I can supply regarding this subject.

Don't think for a minute that phishing is all scripts and a fully automated system, like most of the writers online like to report. I'll say from experience of monitoring network activity that this is mostly a manual process, and the reports you might see online are not correct in how a phisher gets information about members of a site (mostly financial sites).

(This is in most cases what happens.)

A couple of years ago on one of my commercial sites I monitored a connection from Nigeria.
The person connected and created an account, then moved to the Snitz Members list and pulled every email address from the members' profiles that was made public.
After they visited every profile they spammed out a notice to click here and update their profile. The email was sent using my login page. (They copied the HTML and recreated a couple of pages that were linked from the email.) Just like the phishers do today, they asked for PayPal email addresses to be updated and passwords for my site. I'm sure that was due to the fact that I advertised PayPal Payments.

Now what they (phishers) seem to be doing is targeting sites that offer eCommerce with a common username/email address login, like Yahoo Stores, Auction, eBay and MSN Shopping.

It's a very slow process for them, but they do have the resources and people to do it.
How it's done:
Phishers check profiles of sites first to see if email addresses and names are available. (Now, with the popularity of blogs, they spend most of their time surfing blogs for information.)

If they find an email address like yourname@yahoo.com and you have a profile on Yahoo, they check possible passwords that could be your name, birthdates, or your dog's name that you commented on in your profile. You wouldn't believe how many people actually use common passwords of kids' names and then list their kids' names in their profiles.

If that fails they still have your email address. Once you have a person's email address and know they are a member of, say, Yahoo Auctions, the phisher knows that Yahoo requires a credit card on file. So they copy the information they need to their slick little database and send you a nice email asking you to update your account information, and then ask for your card number, username, password etc. Same stuff they always ask for.

If you keep in mind that the process is not automated in the part of cultivating special information (not to be confused with email bots/spiders), then you can check your own security by visiting your members' pages. I send notices to members on commercial sites that use birthdates as passwords when a birthdate is shown in the forums (Birthday Mod).

At this time, for phishing, the only thing that is automated is the spam. (This information is from my experience; if you know of someone that can prove otherwise, I would like to see the code.)

So if you want to protect members on a commercial site, don't allow profiles to be viewed.
If you run a site like eCommerce or Auctions you have to allow profiles for sellers, so you really need to tell members that you will never ask them for a password or login information. That's the key: educate your members.

Last thing regarding mods to protect your site.
Easy mod to do in Snitz; IPBan logs the connection. Allow 3 attempts on any given IP address for user login or password retrieval. After 3 failed attempts, lock out the IP for 30 minutes or more. Do not note that the account is locked. Use your IPBan Mod to ban the IP for that time. Redirect to a customer support page asking them to check their records and try again. From your special customer service page have your IPBan monitor everything and log it all. Track the IP and ban the network block from your site for a fixed time frame. You now have successfully stopped further attacks from this phisher for the moment.

Be creative with phishers because they are human: don't tell them you are banning them; tell them something like "The email address you used is not on file", or for fun, if you are good with code and love to play hard ball, redirect them to the old 200 popups or the fake format page, or if you don't live in the USA use the startup menu delivery code plant and send them a big note the next time they restart their computer. (If you don't know what I'm talking about, don't worry; just read some of the posts from the link below and use your imagination.)

If you are interested in how phishers work and how they set up things, I have a few posts in a forum. I don't have everything posted online because I'm not sure if it's really good to offer a post that actually could be used as a Phisher's Starter Kit.

Hope this helps and wasn't too boring.

Phishers that sent email to me, my notes and reports: Click Here

Regards,
Mur
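Mur's lockout scheme above, written out as an added Python example (not code from this thread, and not a Snitz mod, which would be classic ASP): an in-memory store stands in for the IPBan table, the class and method names are my own, and login and password retrieval share one per-IP counter whose response never reveals that the IP is locked.

```python
import time
from collections import defaultdict

MAX_ATTEMPTS = 3            # the post's figure: 3 tries per IP address
LOCKOUT_SECONDS = 30 * 60   # then lock the IP out for 30 minutes
# Same wording for a bad attempt and for a locked IP, so the lock is not revealed
GENERIC_MSG = "The email address you used is not on file"


class IpLockout:
    """Per-IP failed-attempt counter shared by login and password retrieval.
    Stands in for the IPBan table the post refers to; state is in memory here."""

    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable clock so expiry can be tested
        self.failures = defaultdict(int)   # ip -> consecutive failed attempts
        self.locked_until = {}             # ip -> unix time the lock expires
        self.events = []                   # (time, ip, action, outcome) audit log

    def is_locked(self, ip):
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if self.clock() < until:
            return True
        # Lock has expired: forget it and reset the counter for this IP
        del self.locked_until[ip]
        self.failures.pop(ip, None)
        return False

    def attempt(self, ip, action, credentials_ok):
        """action is 'login' or 'password_retrieval'; both share one counter.
        Returns (allowed, message). A locked IP gets the generic message even
        with correct credentials, and every decision is logged for review."""
        now = self.clock()
        if self.is_locked(ip):
            self.events.append((now, ip, action, "rejected-locked"))
            return False, GENERIC_MSG
        if credentials_ok:
            self.failures.pop(ip, None)
            self.events.append((now, ip, action, "success"))
            return True, "OK"
        self.failures[ip] += 1
        outcome = "failed"
        if self.failures[ip] >= MAX_ATTEMPTS:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            outcome = "locked"
        self.events.append((now, ip, action, outcome))
        return False, GENERIC_MSG
```

The `events` list is what the post's "log it all" step would write to the IPBan table; reviewing it for one IP hitting the limit across both actions is the signal that a guessing run, not a forgetful member, is behind the failures.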

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 03 June 2005 : 06:24:12
Quite the opposite - fascinating, excellent contribution

Thanks!

ruirib
Snitz Forums Admin

Portugal
26364 Posts

Posted - 03 June 2005 : 06:33:22
Mur,

That's a great post. Very informative.

Personally I don't like profiles to be seen either. I've disabled that in my own forum since I first started using Snitz (3.1SR4). Seems like that is a deterrent to phishers as well. Anyway, great post!


Snitz 3.4 Readme | Like the support? Support Snitz too

StephenD
Senior Member

Australia
1044 Posts

Posted - 03 June 2005 : 07:42:03
Mur, I've just been through all your articles .. you're the legend, man! I want to sign up for the rest of your site and read more when I get some cashflow happening again.
Snitz Forums 2000 © 2000-2021 Snitz™ Communications. Powered By: Snitz Forums 2000 Version 3.4.07