Oh yes, use OpenDNS. It blocks phishing sites with a page like IE, but it WONT LET YOU CLICK TO GO PAST!!! This in my opinion is even better - if they know it’s a phishing site, don’t let people go there!
@Eam
Stonehat: You’re probably going to have to give that one up. So few people know there’s a distinction, and even fewer care.
too bad for you. it’s rude to call a hacker a cracker. A cracker ISN’T a hacker, no matter which way you slice it. A hacker is honest, a cracker isn’t.
This is the site going around right now with the service@paypal.com address in the email. It’s a VERY good disguise and I almost fell for it myself. I know it’s going to catch a lot of users and mess with their bank accounts. Hope paypal is keeping an eye on it considering what kind of site they are. It could literally cost thousands if not millions if they don’t get it shut down soon.
Anybody know how to hack phishing sites as “payback”? I feel like spending the time to learn hacking just to go around the internet hacking and shutting down these phishing sites to keep them from hurting people. If I knew where to start, I would have started already.
Anybody out there know of groups that do hack phishing sites to shut them down? I’d love to have someone to email websites to so they could take care of it or teach me how to do it. Dishonesty is a really big pet peeve of mine and it makes me more angry than anything else imaginable.
If anyone has a group that does this or knows where I could start learning and then set up a group myself, please email me at BauerWilliams@msn.com and I will be very grateful.
Anybody else want to band together to help stop the phishing sites with me? I’m very serious and really would like to do something to protect some of the less computer literate people from being scammed. I’m not by any means an expert, but I know the basics, I just need to learn how or where to get them shutdown.
Thanks in advance for any info you can share, I’ll happily, very happily settle for a group I can send the sites too until I’ve earned the trust needed to be shown how to do it myself. My intentions are completely honest and I have no desire to play anyone or to do things I shouldn’t do. Like someone else in this thread said, a hacker isn’t a cracker. A hacker is honest and a cracker isn’t and I’d really like to be a hacker (kind of an internet superhero!)…yeah, I’m an old geek, but what can I say. I’m from the generation that wants to save the world. (almost 40!!! OMG I’m getting old!!)
ok I’ve rambled enough LOL
Thanks
Others made the IE7 blacklist and were blocked completely behind a gateway page. I prefer this to the Firefox approach; once the URL is reported as a phishing site, there’s absolutely no reason to show any of its content to the user.
Firefox 3 do this.
@Gabriel J. Smolnycki: Only the Jolly Roger brand of phreakers are extinct, those who move on are still alive, well, and saving themselves a fortune.
don’t trust you browsers domain-specific autocomplete. for one thing, DNS can be hacked. Viruses manipulate hosts files. ARP-spoofers can overrule DNS, routing and everything else. Proxy servers may be compromised. Man in the middles are a real possibility.
I think it would be a nice option to show the page. Actually loading it gives the exploiter information (since they can identify the source of request, perhaps even identify the way you ‘found the phishing site’ because of unique ID-s in the url etc. etc.). Now, combine that with all-to-common cross-site scripting info, general privacy issues (referers, browser plugins etc. etc.) and you know you had better NOT load the page, even if read only. Of course, an option would be to show a static image from the anti-phishing database (much like popular web-snapshotters or thumbnailers).
Oranges are lame. Protesting continues
more @dave
oh and I almost forget you cannot trust your own home network for DNS security, ARP safety etc. etc. once you use wireless somewhere in the network (especially with bridging links to LAN). WiFi is breachable (not only WEP).
The truly paranoid will therefore never be able to recognize ‘true’ websites from ‘phishing’ unless the authentication is two-way and gives external verification. This is talked about in a few other comments.
I pretty much have to rely on Internet Explorer to protect her from this stuff
Dude she’s lost…
Dialogs are useless to prevent users from doing anything, they just click through them as fast as they can.
I don’t feel too sorry for users who end up on these sites. How did they get there? Did they type in the address in the browser.
Probably not, they probably clicked on an email link that said “Free Stuff Click Here”.
If you give people a loaded gun, some of them will shoot thier foot off.
The phishing blacklist is a good idea, but it will always be a few steps behind, plus its just a band aid.
Maybe a better approach is that when you register your URL like www.mysite.com you have to give reliable contact information, so that if you site is bad, authorities can find and arrest the offender(s).
Are any of these Phishers punished when there site is discovered? Probably not. Start enforcing some type of “internet” laws and punishments and some of the activity may be contained. I know this might be hard when some sites are overseas.
Otherwise, better tell grandma not to buy anything online.
