Secure UI: 9-Block Phishmarks

When I originally came up with the idea of phishmarking, I was thinking of using fractal patterns.  Unfortunately, fractal patterns are rarely simple symmetrical designs, so they are more difficult to remember.  So while I was looking for a different approach, I remembered Jared Tarbell's 9-Block Pattern Generator at Levitated.net, which basically does what quilt makers have been doing for …

Anti-Phishing Working Group Meeting

I was out all day yesterday to attend the Anti-Phishing Working Group meeting at Wells Fargo World HQ in San Francisco.  About one hundred people from a wide assortment of backgrounds were there, some from law enforcement agencies like the Secret Service and FBI, lawyers, prosecutors, financial services, e-tailers, solutions vendors, and security experts.  APWG did an impressive …

Cleaning Phish with a Hammer

Two must-have features I am planning to add to PhishGuard are:

- Require the user to approve hyperlink activation from within e-mail clients using a security dialog that clearly displays destination URL.
- Disable all hyperlinks in e-mail clients

Implementing these two features for just Outlook and Outlook Express should stop most phishing attacks on Windows platforms.  It's a brutal solution, …

Good Phishing Story

New York Times has a good article on the growing phishing epidemic. On how much money phishers make: In February, Alec Scott Papierniak, 20, a college student in Mankato, Minn., pleaded guilty to wire fraud. He had sent people e-mail messages with a small program attached that purported to be a "security update" from PayPal. The …

Phishing at PayPal

Crooks are hard workers, working even on weekends.  PayPal was the target this Saturday. Jesus R. Distilling?  Hmm.  This one looks muted and doesn't even use the PayPal brand power.  The stick is 'attempt of unauthorized penetration'.  A more sophisticated attempt could involve actually triggering a real PayPal notification and then weaving into the message exchange …