July 18, 2009
It looks like phishing groups are doing their best to be more creative this summer, but fraud always looks like fraud. A recent example of a phish received by Case users appears to have been sent as an internal campus notice. However, because it asks for Restricted information, which Case will never request via email, the fraud is evident.
A recent attack at North Carolina State University, described in the Chronicle of Higher Education, illustrates how far thieves will go. In this case, they created a bogus web page to collect user IDs and passwords from people. This is an interesting attack I've seen discussed in security circles, and even done as security tests. It is amazing to see that somebody actually tried it in the real world against a university. I recommend that users of web-based email clients install the McAfee SiteAdvisor utility in their browsers. If you click on a link of questionable nature, it will alert you to a potential drive-by attack (browsing to a malicious site, or to a site with hidden malicious content).
The question that remains is, how do we stop phishing? Perhaps if we plead,
"Yo, phisher dudes! Chill!"
No, I don't think that will work. Phishing is a type of sales cold call. If you answer it, you open the door to larger theft and online misuse that leads to bigger security problems. Case users certainly have received enough of them over the 2007-2009 timeframe that they have been well-educated by the experience.
I recommend two things for users to do when they get a phish message:
1. Report phishing
2. Tell your friends and colleagues.
We used to request that Case users send phishing messages to CastleCops, but since their demise in 2008, I recommend you report them directly to the US-CERT Phishing Group by sending email to email@example.com. Of course, please remember to forward the message with its full headers so that an investigation of the message is possible.
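To show why the full headers matter, here is an added example (not code from the original post or from US-CERT) that reads a phishing message with its complete headers and pulls out what an investigator looks at first: the Received chain (oldest hop first, since each mail server prepends its own header), sender-domain mismatches between From, Return-Path and Reply-To, and links whose visible text points at a different host than the real href. The message, hosts, addresses and IP addresses in RAW_PHISH are constructed for illustration and are not taken from any real phish.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample phish, as it looks with "full headers" shown. Every host,
# address and IP here is made up (documentation/example ranges and domains).
RAW_PHISH = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from campus-mx.example.edu (campus-mx.example.edu [192.0.2.10])
    by inbox.example.edu with ESMTP id abc123; Sat, 18 Jul 2009 10:02:11 -0400
Received: from mail-relay.example.net (unknown [198.51.100.77])
    by campus-mx.example.edu with SMTP id xyz789; Sat, 18 Jul 2009 10:02:09 -0400
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: account-verify@webmail-support.example.net
To: user@example.edu
Subject: Urgent: Verify your account
Content-Type: text/html; charset=us-ascii

<html><body>
<p>Your mailbox is over quota. Confirm your UserID and password at
<a href="http://198.51.100.77/login">https://webmail.example.edu/</a>
within 24 hours.</p>
</body></html>
"""

# "from <host> ... [<ip>]" as written by most MTAs in a Received header
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
# crude anchor matcher: enough for HTML mail bodies, not a general HTML parser
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def addr_domain(header_value):
    """Domain of the first address in a header value, lower-cased ('' if none)."""
    _, addr = parseaddr(str(header_value) if header_value else "")
    return addr.rpartition("@")[2].lower()


def received_chain(msg):
    """(host, ip) hops oldest-first. Each relay prepends its own Received header,
    so the last header in the message is the hop nearest the real sender."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(str(value))
        if m:
            hops.append((m.group(1).lower(), m.group(2)))
    return hops


def header_mismatches(msg):
    """Headers whose domain differs from the From: domain (envelope vs. display)."""
    from_dom = addr_domain(msg["From"])
    findings = {}
    for hdr in ("Return-Path", "Reply-To"):
        dom = addr_domain(msg[hdr])
        if dom and dom != from_dom:
            findings[hdr] = dom
    return findings


def link_mismatches(html):
    """Anchors whose visible text is a URL on a different host than the real href."""
    bad = []
    for href, text in ANCHOR_RE.findall(html):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if shown.lower().startswith(("http://", "https://")):
            if urlparse(shown).hostname != urlparse(href).hostname:
                bad.append((shown, href))
    return bad


def analyze(raw):
    """Summarize the indicators an investigator wants from a full-header report."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    hops = received_chain(msg)
    return {
        "from_domain": addr_domain(msg["From"]),
        "origin_host": hops[0][0] if hops else None,
        "origin_ip": hops[0][1] if hops else None,
        "header_mismatches": header_mismatches(msg),
        "link_mismatches": link_mismatches(html),
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_PHISH).items():
        print(f"{key}: {value}")
```

Without the Received headers, none of this is recoverable: a forwarded copy carries only the forwarder's own hops, and the From: line is trivially forged. Note that the origin IP found here is whatever the first trusted relay recorded; earlier Received lines can themselves be forged by the sender, so start from your own server's hop and work backwards.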
There still seem to be unwary users in our community who fall victim to phishing, so I suggest users make this a conversation topic. What a way to break the ice: "Hey, did you get that latest phishing message from..."
When they become ineffective, the phish will cease.
Posted by Thomas Siu at 03:40 PM