http://www.phishtank.com/blog/2007/12/19/cmu-survey/ A blog about and from PhishTank, a collaborative clearinghouse for data about phishing. Tue, 30 Jun 2009 19:58:42 +0000 http://wordpress.org/?v=2.8 hourly 1 http://www.phishtank.com/blog/2007/12/19/cmu-survey/comment-page-1/#comment-87620 Dante Sat, 26 Apr 2008 07:28:33 +0000 http://www.phishtank.com/blog/2007/12/19/cmu-survey/#comment-87620 What were the results? What were the results?

]]> http://www.phishtank.com/blog/2007/12/19/cmu-survey/comment-page-1/#comment-71611 chira Tue, 26 Feb 2008 07:34:00 +0000 http://www.phishtank.com/blog/2007/12/19/cmu-survey/#comment-71611 I am quite motivated to assist with this site, and have been an active anti-phishing advocate. However, Ive noticed the following: As an operator or numerous legitimate sites. Ive stumbled upon a serious problem with this site and whole concept. The methods of phishing have evolved, and they often use legitimate sites as a means to carry out phishing attempts. I am a victim of this, as I have seen my sites victimized, weither it be spoof attempts, or cross linking, by phishers, and subsequently seen my site blacklisted, a process which is long and arduous to recover from. It is IMPERATIVE for those identifying phishers that you identify the phishers themselves, not the site they exploited to carry out their attack. I currently host many users free of charge and provide services to many, however one phisher uses these resources for malice, and rather than be identified, my entire site becomes blocked, leaving the phisher free to employ methods elsewhere. An argument would be that all site admins are responsible for securing sites against this, but it takes relatively little effort for phishers to stay 1 step ahead at least for an effective timeframe. Finding phishing pages is NOT as simple as cut and pasting a URL, as phishers are smart, and we should assume so. They will almost NEVER use their own servers/resources directly and obviously with information leading to them available via url or whois. It is much more complex than this post, vote and condemn. Granted there are obvious attempts, such as similar domains, but overall the most effective phishing on the net are not nearly so simple. My own and many others have been the victim of this site and others who use SIMPLE MEANS TO SOLVE A COMPLEX PROBLEM. I support the effort here, however I strongly believe it needs much work and consideration. I am quite motivated to assist with this site, and have been an active anti-phishing advocate. However, Ive noticed the following:
As an operator or numerous legitimate sites. Ive stumbled upon a serious problem with this site and whole concept. The methods of phishing have evolved, and they often use legitimate sites as a means to carry out phishing attempts. I am a victim of this, as I have seen my sites victimized, weither it be spoof attempts, or cross linking, by phishers, and subsequently seen my site blacklisted, a process which is long and arduous to recover from. It is IMPERATIVE for those identifying phishers that you identify the phishers themselves, not the site they exploited to carry out their attack. I currently host many users free of charge and provide services to many, however one phisher uses these resources for malice, and rather than be identified, my entire site becomes blocked, leaving the phisher free to employ methods elsewhere. An argument would be that all site admins are responsible for securing sites against this, but it takes relatively little effort for phishers to stay 1 step ahead at least for an effective timeframe. Finding phishing pages is NOT as simple as cut and pasting a URL, as phishers are smart, and we should assume so. They will almost NEVER use their own servers/resources directly and obviously with information leading to them available via url or whois. It is much more complex than this post, vote and condemn. Granted there are obvious attempts, such as similar domains, but overall the most effective phishing on the net are not nearly so simple. My own and many others have been the victim of this site and others who use SIMPLE MEANS TO SOLVE A COMPLEX PROBLEM. I support the effort here, however I strongly believe it needs much work and consideration.

]]>