Thanks for the response.

Even though those fraudulent sites come and go quickly, they can still be traced, tracked and catched, and brought to the books of law, including their service providers. If this exercise is done for a few cases the attacks will eventually slow down. Festive seasons are to enjoy and not to be fool innocents, as those phisers are doing. But prior to that a legal provision has to be made in this direction for Internet clients and service providers.

How about preparing RFP in this direction to be submitted to Internet regulating authorities.

Imamuddin

Like or Dislike: 0  0

I agree that we need tighter controls over phishing site owners. The problem is that they come and go so quickly it is not easy to keep track.

At VeriSign we use the services of a brand protection agency to assist us when we identify fraudulent sites. They initiate take down procedures and have been very effective. I’ve noticed, however, that as we’ve come closer to the festive season, the reports of fraudulent sites has increased. The public should be particularly careful during this time.

I’m pleased to see that the global community has become more aware of the threats posed by these sites and services such as http://www.phishtank.com have been launched to report fraudulent sites.

In the UK, the authorities have also become more open to reports of fraudulent sites and they can be reported at http://www.consumerdirect.gov.uk

The public really needs to be aware of these dangers and in our effort to provide information, we have launched http://www.phishornophish.com (also available in about 11 other languages) which helps you to tell the difference between a fraudulent and a genuine site. Another great site is http://www.trustthecheck.com which gives a lot of tips on how to stay safe online.

I’m not sure if there is an official cyber crime book but I do know that the authorities all over the world are clamping down on cyber crime. A perfect example was Operation Phish fry which saw the FBI and authorities from all over the world arresting nearly 100 suspect hackers from US and overseas.

Thanks again for your comment. I hope you have a great day!

Regards

Bronwyn

Like or Dislike: 0  0

Is there anything like this coming up?

Lets hope for the best.

Imamuddin

Like or Dislike: 0  0

Like or Dislike: 0  0

Trustworthiness of sites is a big issue. For secure sites, it’s well worth viewing the “Subject” of the certificate, which ideally will tell you more about the site. This feature isn’t just limited to EV certificates; SSL is about more than encryption and ideally certificates should include information about who they were issued to. Unfortunately a lot of certificates on the Internet are DV certificates where only the ownership of the domain was verified and these certificates don’t contain any useful information in the subject. Ideally any site handling personal or financial information will have a better certificate than a DV one.

Free DV certificates and inexpensive certificates at higher levels of verification can be had from StartSSL - https://www.startssl.com (no connection other than as a satisfied customer and as a volunteer notary in their Web of Trust programme).

Talking of Webs of Trust, http://www.mywot.com has a free Web of Trust for web sites offering ratings for “Trustworthiness”, “Vendor reliability”, “Privacy” and “Child safety”. There’s free add-ons for Firefox and Internet Explorer that display the ratings.

Ideally sites would move on beyond passwords to using client certificates. Managing a multitude of client certificates would be a nightmare, but OpenID can come to the rescue. StartSSL has a solution here - once you have your free client certificate, you can sign up to their free OpenID provider. Unfortunately many OpenID capable sites do not yet work reliably with StartSSL’s OpenID provider.

Like or Dislike: 0  0

Like or Dislike: 0  0

Keep writing!

Like or Dislike: 0  0