Using Images to Fight Phishing
So-called "phishing" Web sites set up by scammers to mimic financial institutions and swindle unwitting consumers often "inlink" or borrow logos and other images directly from the targeted institution's Web sites as a way of making their scam pages look more legitimate (or maybe because the crooks are just lazy). Security experts have long suggested that banks turn the tables on phishing sites that use this technique by creating a short whitelist of sites that are permitted to use those images, and then simply swapping out the real image with one that reads "THIS IS A SCAM SITE" for any sites not on the whitelist.
For whatever reason (likely out of fear that an innocent site may set off alarm bells and scare customers away from online banking) most banks have ignored this advice, or if they are using such techniques I've never seen them employed by any major financial institution against phishing attacks. That is, until today, when a good friend forwarded me a link to this phishing site that tries to impersonate e-gold.com, a digital currency used by millions of people around the globe (for a more thorough explainer of how e-gold works, check out this Wikipedia entry). While e-gold may not come to mind for many people when talking about major financial institutions, the company has been a frequent target of phishing attacks.
If you visit the scam site -- or better yet, just click on the included screenshot to see what I'm talking about here -- you'll notice the stop signs and a big honking alert in the center of the screen where this image used to be, which now says "THIS IS A FAKE -- FRAUDULENT WEB SITE". I contacted e-gold about this and they confirmed that their Web site techies did indeed "have a little phun with the images" on their site. Very slick.
A variation on this technique can also help: if not to prevent phishing attacks, then at least to give e-gold a way to alert users who may have just fallen for a phishing scam targeting its site. That's because it's fairly standard practice for phishing sites to redirect users to the real financial institution's Web site after the scammers have tricked the user into giving away his or her personal and financial data. By using a blacklist of known phishing sites, banks could serve customers referred from those scam pages a warning that urges them to pick up the phone and contact their customer service department.
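Both checks described above (the image whitelist and the referrer blacklist) come down to comparing the host in the HTTP Referer header against a list. The sketch below is an added example, not e-gold's code; the host names, file names and function names are constructed placeholders. It matches the exact host rather than a substring, and it treats a missing or unparsable Referer as legitimate, which is the false-positive concern the post attributes to banks.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions): substitute the institution's own
# hosts and its feed of reported phishing hosts.
IMAGE_ALLOWLIST = {"bank.example", "www.bank.example"}
KNOWN_PHISHING_HOSTS = {"bank-login.phish.example"}

REAL_LOGO = "logo.gif"
SCAM_NOTICE = "this-is-a-scam-site.gif"


def referer_host(referer):
    """Return the lowercased host from a Referer header, or None if unusable."""
    if not referer:
        return None
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:  # e.g. a malformed bracketed IPv6 literal
        return None
    # Drop a trailing dot so "www.bank.example." equals "www.bank.example".
    return host.rstrip(".").lower() if host else None


def image_for(referer):
    """Choose which file to serve for a request for the logo."""
    host = referer_host(referer)
    if host is None:
        # Direct fetch, or a client or proxy that strips the header:
        # serve the real image rather than alarm a legitimate customer.
        return REAL_LOGO
    # Exact host match: "bank.example.evil.example" must not pass.
    return REAL_LOGO if host in IMAGE_ALLOWLIST else SCAM_NOTICE


def landing_action(referer):
    """Decide whether a visitor arriving at the real site should see a warning."""
    # A visitor redirected here from a known phishing page may have just
    # submitted credentials there, so show the "call customer service" notice.
    if referer_host(referer) in KNOWN_PHISHING_HOSTS:
        return "warn"
    return "normal"
```

The Referer header is supplied by the client and is often absent, so this works as a tripwire against pages that inlink images, not as an access control.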
It's worth noting that Netcraft's anti-phishing toolbar detected this site as malicious and tried to prevent me from visiting it, as it is designed to do. I have to say that I've visited countless phishing sites in the past few months, and Netcraft's toolbar has done its job almost unfailingly.