June 3, 2006
Phishing and its role in identity theft is part of the wicked web of intrigue that we all experience in our interaction with the online world. The hard part about phishing attempts is that it is often beyond the scope of many organizations to stop the madness. You may say, "Lux, what can I do? I'm just deleting them."
Here is a way in which average users can help takedown phishing sites, and the email/spam bots, with the hope of curtailing the perpetrators.
1. Take the Phishing Quiz and learn how to identify legitimate messages from Phish.
2. If you get any Phish email messages, report them to the Phish Incident Reporting and Termination (PIRT) project at castlecops.com , which is a volunteer organization that takes the steps to break the Phishing Circle via analysis, and implementing standard administrative steps to remove Phishing Sites and Phishing Domains. One can also forward the Phish Email to pirt@castlecops.com. They have been able to close down Phishing sites in as short at 16 hours.
3. Practice standard good client hygeine to avoid becoming a Phish victim. By keeping up your client machine with OS and application patches, anti-virus, and browser configurations, you will reduce the probability that your computer becomes a relay for Phish or spam emails.
We as a community in the IT world, as implementors and users, must do our part to clean up the 'broken windows' and 'graffitti', and the tragedy of the commons will not overwhelm us.
Posted by Thomas Siu at 08:55 AM
