Re: [Asrg] How would SPF or Sender ID stopped this attack
On July 30, 2004 at 18:31 bill.mcinnis at messagelevel.com (Bill McInnis) wrote:
> Last weekend a phishing attack took place against US Bank. The phisher
> spoofed and connected with the appropriate IP for US Bank,
> 170.135.72.63. How would SPF or Sender ID have managed to catch that
> attack?
Only inasmuch as it would make it difficult if not impossible for them
to make the envelope (and in some extensions, header fields) appear to
be coming from whatever US Bank's domain is, usbank.com or whatever.
But it won't do much of anything to stop slight variations on that domain
which the phisher might be able to register and even get SPF/RMX/etc
control such as us-bank.com or usbank-security.com or whatever.

I think phishing is a big problem like con games are a big problem,
they aim at the gullible who aren't easy to protect.

I'd imagine the best that can be done against phishing would be
something done at the website like you enter a unique username, not an
acct or anything very interesting to a stranger, and the BANK (e.g.)
should come back with a piece of information set up previously. So I
type in bzs in preparation to actually logging in and the website
should respond with "HADDOCK" and then I proceed, if not, I'm
suspicious.

But this would be a sizeable educational challenge and as I said we're
dealing with the gullible so if the site comes back with "Sorry, that
information has been purged due to security concerns, please complete
log in for further instructions" they probably will.
--
-Barry Shein
Software Tool & Die | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
The World | Public Access Internet | Since 1989 *oo*
_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
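
Added example, not part of the original message: a receiver-side check illustrating the point above that an SPF "pass" only authorizes the envelope domain and says nothing about whether that domain is a lookalike of a protected one. The function names, the return labels and the one-edit threshold are assumptions made for this sketch; the domains are the ones named in the message.

```python
import re

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def registrable_label(domain: str) -> str:
    """Label left of the TLD. Assumes a single-label TLD such as .com."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def classify(sender_domain: str, spf_result: str, protected: str) -> str:
    """Classify an envelope sender domain against one protected domain.

    spf_result is the SPF verdict already computed by the receiving MTA
    ("pass", "fail", ...). Return labels are hypothetical names.
    """
    sender = sender_domain.lower().rstrip(".")
    protected = protected.lower().rstrip(".")
    if sender == protected or sender.endswith("." + protected):
        # This is the only case where SPF has anything to say about the brand.
        return "domain-authorized" if spf_result == "pass" else "domain-forged"
    brand = registrable_label(protected)
    squashed = re.sub(r"[^a-z0-9]", "", registrable_label(sender))
    # Brand embedded after removing hyphens, or within one edit of it.
    if brand in squashed or edit_distance(squashed, brand) <= 1:
        # The registrant can publish its own SPF record, so the
        # verdict is ignored here: a "pass" does not clear the message.
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    for dom, spf in [("usbank.com", "pass"), ("usbank.com", "fail"),
                     ("us-bank.com", "pass"), ("usbank-security.com", "pass")]:
        print(dom, spf, "->", classify(dom, spf, "usbank.com"))
```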