Phishing emails dry up as fraudsters switch tactic Phishing email volumes fell during the first half of 2009, according to a variety of security reports out this week. Russian antivirus firm Kaspersky Lab reports a decline of phishing emails from 0.78 per cent of email traffic in 1Q2009 to 0.49 per cent in 2H09. The trend of gradual decline in phishing emails observed by …
I monitor clients' websites for all sorts of e-vermin stuff. Only this afternoon there was a very well constructed phishing email purporting to be from HMRC.
I reported the scam to the ISP hosting the domain niteo.pl on 62.146.68.147 which is where all confidential CC details are to be submitted. So far they have indicated total disinterest.
I also went to the HMRC website to see where I could alert them them to a new phishing attempt in their name. Guess what ........ so here am I trying to help ........ pathetic.
Why do I / we bother?
Quite a few Universities in the UK and USA have been targeted also over the past year. The emails pretend to come from the IT departments of the University and use various stories to try and pry the login details out of staff/students so they can be used to spam. Loughborough University came up with a pretty ingenious way of combating this problem and open sourced it. It's called Kochi - http://kochi.lboro.ac.uk/kochi1.html
I've had numerous attempts to email accounts on my system from officer.hughes@hmrc.co.uk over the past few days with subject lines like: "TAX REFUND ID NUMBER: 381716209"
They never got through because the SPF record for hmrc.co.uk specifically states that it should never be used to send email from anywhere.
root@haven:~# host -t txt hmrc.co.uk
hmrc.co.uk TXT "v=spf1 -all"
root@haven:~#
*Lots* of domains have an SPF record of "v=spf1 -all". Regardless of your opinions of SPF, one thing you can be sure of is that if a domain has an SPF record like that, it's safe to reject.
I am self employed and I only advertise in the local newspaper and drop leaflets occasionally. Something I have noticed is that almost every month somebody "claiming" to work for Yellow Pages phones me informing me that I am about to miss the deadline for their new directory. I highly suspect that it is somebody phishing for my credit card details, Especially the ones calling from mobiles.
If its a quiet day I keep the callers on the phone for about 30 minutes now. I show interest in their sales pitch, annoy the hell out of them by pretending to be thicker than I actually am and ask stupid questions before saying 'na, not interested mate' and hanging up.
The only thing I enjoy more is going into PC World and asking the sales monkeys difficult questions :)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
