http://www.phishtank.com/blog/2006/10/10/phishtank-in-the-news-october-10-2006/ A blog about and from PhishTank, a collaborative clearinghouse for data about phishing. Tue, 07 Oct 2008 11:42:30 +0000 http://wordpress.org/?v=2.0.4 http://www.phishtank.com/blog/2006/10/10/phishtank-in-the-news-october-10-2006/#comment-72 Tue, 10 Oct 2006 18:26:49 +0000 http://www.phishtank.com/blog/2006/10/10/phishtank-in-the-news-october-10-2006/#comment-72 I agree Stuart, it is kind of tough, if they were easy to pick out, they wouldn't be effective ;). I'm working on putting together a program called Bobber (think long and hard about that one) that will look at the URI itself (not the content of the website) and give odds on if that site is a phish or not. I'm not sure how effective it will be because it's not made yet, but with the number of phishes i've verified so far, I see a lot of very promising trends. I agree Stuart, it is kind of tough, if they were easy to pick out, they wouldn’t be effective . I’m working on putting together a
program called Bobber (think long and hard about that one) that will look at the URI itself (not the content of the website) and give
odds on if that site is a phish or not. I’m not sure how effective it will be because it’s not made yet, but with the number of phishes
i’ve verified so far, I see a lot of very promising trends.

]]> http://www.phishtank.com/blog/2006/10/10/phishtank-in-the-news-october-10-2006/#comment-71 Tue, 10 Oct 2006 16:52:17 +0000 http://www.phishtank.com/blog/2006/10/10/phishtank-in-the-news-october-10-2006/#comment-71 I recognize phishes by the forged or unrelated email headers, not by the URLs. For instance, ebay is not going to send their official mail from hotmail. The outright forgeries (10000+ per day just to me) are rejected in SMTP envelope via SPF (http://new.openspf.org) protocol and some adhoc heuristics (e.g. reject connections using my own domain in HELO, reject invalid numeric HELO like 1.2.3.4). So I find it a little difficult to judge whether something is a phish based just on a website. I recognize phishes by the forged or unrelated email headers, not by the URLs. For instance, ebay is not going to send their official mail from hotmail. The outright forgeries (10000+ per day just to me) are rejected in SMTP envelope via SPF (http://new.openspf.org) protocol and some adhoc heuristics (e.g. reject connections using my own domain in HELO, reject invalid numeric HELO like 1.2.3.4). So I find it a little difficult to judge whether something is a phish based just on a website.

]]>