Comments on: Phishing for clicks, at my expense http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/ A blog about and from PhishTank, a collaborative clearinghouse for data about phishing. Mon, 12 May 2008 10:41:35 +0000 http://wordpress.org/?v=2.0.4 by: Aubrey Jones http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-59120 Mon, 17 Dec 2007 19:39:37 +0000 http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-59120 Great information. This is likely a side effect of the security upgrades that most financial institutions have put into place over the last year. The value of a stolen online banking creditial has gone down tremendously, so getting 'free' pay-per-clicks is a great way to generate a whole new round of traffic. The criminals definitely work hard to keep one step ahead of the good guys. Great information. This is likely a side effect of the security upgrades that most financial institutions have put into place over the last year. The value of a stolen online banking creditial has gone down tremendously, so getting ‘free’ pay-per-clicks is a great way to generate a whole new round of traffic. The criminals definitely work hard to keep one step ahead of the good guys.

]]> by: Russ Price http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-44856 Tue, 25 Sep 2007 00:33:56 +0000 http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-44856 Just curious - do Phishtank reports get passed onto any law enforcement agencies? If not, it just seems to me that the criminals doing the phishing will simply be able to move on to other hacked web sites with no penalty or risk (a practice known as "whack-a-mole" in the antispam community). Are any law enforcement agencies actively pursuing phishers? Just curious - do Phishtank reports get passed onto any law enforcement agencies? If not, it just seems to me that the criminals doing the phishing will simply be able to move on to other hacked web sites with no penalty or risk (a practice known as “whack-a-mole” in the antispam community).

Are any law enforcement agencies actively pursuing phishers?

]]> by: DougieLawson http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-43754 Wed, 19 Sep 2007 06:33:09 +0000 http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-43754 John, some interesting observations. It's clear that the phony pharmacy, the spam email, the phishing email, the phishing sites and the money laundering (money mule) sites are all closely coupled. We in the 'tank are working on one aspect. Folks like SpamCop are working on another aspect. Law enforcement (the High Tech Crime Unit in the United Kingdom) need to work on some of the "more illegal" aspects (working with the FBI and the FTC). Until you can break the loop (until all the banks use HTTPS (secure HTTP)) for their websites; we'll all be plaugued with the bucket of crud in our inboxes. [My wife gets about 10 NatWest phishes every day - she banks with NatWest Online - but isn't stupid enough to click a link in an email.] That brings the other aspect that needs to be tackled. Lets see if we can get folks to stop buying phony viagra, lets see if we can get folks tuned in to the fact that their bank, PayPal, eBay will NOT send email with a link to click for security issues. My credit card company, for example, used SNAIL MAIL and the plain old telephone for a recent set of strange transactions that went on my account (they were benign, but tripped their security monitoring). John, some interesting observations. It’s clear that the phony pharmacy, the spam email, the phishing email, the phishing sites and the money laundering (money mule) sites are all closely coupled.

We in the ‘tank are working on one aspect. Folks like SpamCop are working on another aspect. Law enforcement (the High Tech Crime Unit in the United Kingdom) need to work on some of the “more illegal” aspects (working with the FBI and the FTC).

Until you can break the loop (until all the banks use HTTPS (secure HTTP)) for their websites; we’ll all be plaugued with the bucket of crud in our inboxes. [My wife gets about 10 NatWest phishes every day - she banks with NatWest Online - but isn’t stupid enough to click a link in an email.]

That brings the other aspect that needs to be tackled. Lets see if we can get folks to stop buying phony viagra, lets see if we can get folks tuned in to the fact that their bank, PayPal, eBay will NOT send email with a link to click for security issues. My credit card company, for example, used SNAIL MAIL and the plain old telephone for a recent set of strange transactions that went on my account (they were benign, but tripped their security monitoring).

]]> by: M M http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-42130 Wed, 12 Sep 2007 19:30:33 +0000 http://www.phishtank.com/blog/2007/09/07/phishing-for-ad-clicks/#comment-42130 I got the same stupid thing myself, not once but thrice! I also flagged my entry to PhishTank's moderator that this was indeed a new type of phish. I likely received this one because I have a Yahoo account myself, although there are some others in the Society with different addresses they pool into this account with their received phishes. Your ally at the London Antiphishing Society, near Arkansas Nuclear One I got the same stupid thing myself, not once but thrice! I also flagged my entry to
PhishTank’s moderator that this was indeed a new type of phish. I likely received
this one because I have a Yahoo account myself, although there are some others in
the Society with different addresses they pool into this account with their received
phishes.

Your ally at the London Antiphishing Society, near Arkansas Nuclear One

]]>