[Dshield] Improvements in Phishing takedown needed
John Mulkerin
jmulkerin at comcast.net
Sat Dec 15 16:28:27 GMT 2007
My FI (and my members) has just gone through the ringer with another
bout of Phishing. Over 50 different web sites were used to collect the
information. We of course, take them down as quickly as we know them.
From what I can see, we have good processes and companies in place to
take down the collection web sites collecting the compromised
information but we ignore the sites generating the phish. In our most
recent attack, of the 50 or so different phish emails, they primarily
came from 3 email servers all within the USA, yet I could not get one of
the ISPs to do anything for days and in 1 case two weeks. Law
enforcement was no help.
If we are serious about phishing we need to do more. We need to
develop better Phish black lists and processes to take down phish
generators. We need to get ISPs to cooperate and take down BOTH phish
generators and collection sites much more quickly than they do now.
Am I missing something or am I just naive?
John
More information about the list
mailing list