RichardKinser
Snitz Forums Admin
USA
16655 Posts |
Posted - 01 June 2005 : 00:33:30
To use the Forgot your password function, you need to know both the username and the e-mail address of a user. You can't just enter any known username and e-mail address, they must match.
Mur
Zapped Profile
24 Posts |
Posted - 03 June 2005 : 06:18:07
This is really a cool subject and most of the articles online are not technically correct. If you have time and are interested here’s some information that I can supply regarding this subject.
Don’t think for a minute that phishing is all scripts and a fully automated system like most of the writers online like to report. I’ll say from experience of monitoring network activity this is mostly a manual process and the reports you might see online are not correct in how a phisher gets information about members of a site. (Mostly financial sites)
(This is in most cases what happens)
A couple of years ago on one of my Commercial sites I monitored a connection from Nigeria. The person connected and created an account. Then moved to the Snitz Members list and pulled every email address from the members’ profiles that was made public. After they visited every profile they spammed out a notice to click here and update their profile. The email was sent using my login page. (They copied the HTML and recreated a couple of pages that were linked from the email.) Just like the phishers do today, they asked for PayPal email addresses to be updated and passwords for my site. I’m sure that was due to the fact that I advertised PayPal Payments.
Now what they (Phishers) seem to be doing is targeting sites that offer eCommerce with a common username email address login. Like Yahoo Stores, Auction, eBay and MSN Shopping.
It’s a very slow process for them but they do have the resources and people to do it. How it’s done. Phishers check profiles of sites first to see if email addresses and names are available. (Now with the popularity of Blogs they spend most of their time surfing blogs for information)
If they find an email address like yourname@yahoo.com and you have a profile on yahoo they check possible passwords that could be your name, birthdates, dog’s name that you commented in your profile. You wouldn’t believe how many people actually use common passwords of kids’ names and then list their kids’ names in their profiles.
If that fails they still have your email address. Once you have a person’s email address and know they are a member of say Yahoo Auctions the phisher knows that Yahoo requires a Credit Card on file. So they copy the information they need to their slick little database and send you a nice email asking you to update your account information and then ask for your card number, username, password etc. Same stuff they always ask for.
If you keep in mind that the process is not automated in the part of cultivating special information (not to be confused with email bots/spiders), then you can check your own security by visiting your members’ pages. I send notices to members on commercial sites that use birthdates as passwords when a birthdate is shown in the forums. (Birthday Mod).
At this time for phishing the only thing that is automated is the spam. (This information is from my experience, if you know of someone that can prove otherwise I would like to see the code. )
So if you want to protect members on a commercial site, don’t allow profiles to be viewed. If you run a site like eCommerce or Auctions you have to allow profiles for sellers so you really need to tell members that you will never ask them for a password or login information. That’s the key, educate your members.
Last thing regarding Mods to protect your site. Easy mod to do in Snitz, IPBan logs connections. Allow 3 attempts on any given IP address for user login or password retrieval. After 3 failed attempts lock out the IP for 30 minutes or more. Do not note that the account is locked. Use your IPBan Mod to ban the IP for that time. Redirect to a customer support page asking them to check their records and try again. From your special customer service page have your IPBan monitor everything and log it all. Track the IP and ban the network block from your site for a fixed time frame. You now have successfully stopped further attacks from this phisher for the moment. Be creative with phishers because they are human; don’t tell them you are banning them, tell them something like “The email address you used is not on file” or for fun if you are good with code and love to play hard ball redirect them to the old 200 popups or the fake format page or if you don’t live in the USA use the startup menu delivery code plant and send them a big note the next time they restart their computer. (If you don’t know what I’m talking about, don’t worry; just read some of the posts from the link below and use your imagination.)
If you are interested in how Phishers work and how they setup things I have a few posts in a forum. I don’t have everything posted online because I’m not sure if it’s really good to offer a post that actually could be used as a Phishers Starter Kit.
Hope this helps and wasn’t too boring.
Phishers that sent email to me, my notes and reports: Click Here
Regards, Mur
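The per-IP lockout Mur describes (3 failed attempts, 30-minute lock, log everything, never tell the visitor the address is locked), combined with the username/e-mail match RichardKinser mentions earlier in the thread, as an added Python example. This is not Snitz code and not from either poster: it assumes a constructed member table, a hypothetical `send_reset_email` stand-in for the forum's mailer, and in-memory dictionaries in place of the IPBan table. It goes one step beyond the stock function by returning the same reply on every path, so the response reveals neither whether the pair matched nor that the IP is locked.

```python
import time
from dataclasses import dataclass, field

# Constructed sample member table (username -> registered e-mail); not real data.
MEMBERS = {
    "alice": "alice@example.com",
    "bob": "bob@example.org",
}

MAX_FAILURES = 3            # failed attempts allowed per IP (from the post)
LOCKOUT_SECONDS = 30 * 60   # lock the IP for 30 minutes (from the post)

# One reply for every path, so a bad username/e-mail pair, a locked-out IP
# and a genuine reset are indistinguishable to the visitor.
REPLY = ("If the username and e-mail address match a member account, "
         "a password reset message has been sent.")


@dataclass
class Outcome:
    reply: str        # text shown to the visitor (always REPLY)
    reset_sent: bool  # internal: a reset e-mail was actually issued
    ip_locked: bool   # internal: the IP is locked after this request


def send_reset_email(address):
    """Hypothetical stand-in for the forum's mailer (assumption, not Snitz code)."""
    return True


@dataclass
class RetrievalGuard:
    """Per-IP failure counter and lockout for the 'forgot password' form.

    The dictionaries stand in for the IPBan table the post refers to; a real
    deployment would persist them rather than keep them in memory.
    """
    failures: dict = field(default_factory=dict)      # ip -> [failure times]
    locked_until: dict = field(default_factory=dict)  # ip -> time the lock expires
    audit_log: list = field(default_factory=list)     # every event, as the post advises

    def _log(self, now, ip, event, username):
        self.audit_log.append(
            {"ts": now, "ip": ip, "event": event, "username": username})

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        return until is not None and now < until

    def request_reset(self, ip, username, email, now=None):
        now = time.time() if now is None else now
        user = username.strip().lower()
        addr = email.strip().lower()

        if self.is_locked(ip, now):
            # Locked IPs get the same reply; nothing is sent, nothing leaks.
            self._log(now, ip, "request_while_locked", user)
            return Outcome(REPLY, reset_sent=False, ip_locked=True)

        # Both the username and its registered e-mail must match.
        if MEMBERS.get(user) == addr:
            self.failures.pop(ip, None)
            self._log(now, ip, "reset_issued", user)
            send_reset_email(addr)
            return Outcome(REPLY, reset_sent=True, ip_locked=False)

        # Mismatch: count it within a sliding window of LOCKOUT_SECONDS.
        recent = [t for t in self.failures.get(ip, []) if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        self.failures[ip] = recent
        self._log(now, ip, "mismatch", user)

        if len(recent) >= MAX_FAILURES:
            # Lock the IP and reset its counter; the reply does not change.
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures.pop(ip, None)
            self._log(now, ip, "ip_locked", user)

        return Outcome(REPLY, reset_sent=False, ip_locked=self.is_locked(ip, now))


def demo():
    """Three bad guesses from one IP, a correct pair while locked, then after expiry."""
    guard = RetrievalGuard()
    t0 = 1_700_000_000.0
    ip = "203.0.113.7"  # constructed address from a documentation range
    results = [
        guard.request_reset(ip, "alice", "guess1@example.com", now=t0),
        guard.request_reset(ip, "alice", "guess2@example.com", now=t0 + 5),
        guard.request_reset(ip, "alice", "guess3@example.com", now=t0 + 10),
        guard.request_reset(ip, "alice", "alice@example.com", now=t0 + 15),
        guard.request_reset(ip, "alice", "alice@example.com",
                            now=t0 + 10 + LOCKOUT_SECONDS),
    ]
    return guard, results


if __name__ == "__main__":
    g, outcomes = demo()
    for entry in g.audit_log:
        print(entry)
```

The audit log, not the reply, is where the operator sees what happened: a run of `mismatch` entries followed by `ip_locked` from one address is the pattern the post describes, and the `request_while_locked` entry shows the visitor kept trying without being told why it failed. The window on `failures` means stale attempts from long ago do not count against a shared address such as a proxy.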
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 03 June 2005 : 06:24:12
Quite the opposite - fascinating, excellent contribution
Thanks!
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 03 June 2005 : 06:33:22
Mur,
That's a great post. Very informative.
Personally I don't like profiles to be seen either. I've disabled that in my own forum since I first started using Snitz (3.1SR4). Seems like that is a deterrent to phishers as well. Anyway, great post!
StephenD
Senior Member
Australia
1044 Posts |
Posted - 03 June 2005 : 07:42:03
Mur, just been through all your articles .. you’re the Legend, man! I want to sign up for the rest of your site and read more when I get some cashflow happening again.