Phishing

I’m getting sick of phishing emails, I get about 5 different ones a day, they mostly target Amazon, eBay, and PayPal. All of them look pretty damn real, but it’s pretty obvious the hostnames or the IP addresses part of the URLs aren’t the real deal…

A lot of these phishing pages actually link to the real site to get the images, as they are too lazy to steal them and host them at their sites. It’s pretty easy to write software to identify images referred from phishing sites. It really shouldn’t be hard to identify them, and automatically perform a DDoS attack on that server, as most of these phishing sites probably aren’t that well protected themselves. But of course, this wouldn’t work if they download the images and host them on their servers themselves.

I guess ISP’s and the media ought to better educate the public on phishing emails, it’s pretty easy to go to sites like http://www.antiphishing.org to check if it’s a reported phishing attempt. Or just go to the sites directly to see if you really need to update something instead of clicking on the links in the emails.

SpamAssassin usually filters out stuff like this, I think the reason why I see them is because they usually forge legit from: email addresses. Like I have *@amazon.com and *@ebay.com on my whitelist, so they got through. If I start to get more than 10 a day then I’ll adjust my SpamAssassin settings. Now they are kindda entertaining to read at times…

Leave a Reply