Monday, November 24, 2008

Public sector implications of phishing

It's funny how things creep up on you. A year ago e-government was still just another buzz word to me; e-commerce yes; but do my public sector stuff online? Nah.

And yet in the last couple of months I have paid for my road tax online, ditto for my TV license, and having failed to make my self assessment deadline, will be (ahem) paying someone else to do it for me online. E-government really is here.

Which means it will no doubt be only a matter of minutes before the phishers catch on and exploit it as mercilessly as they're currently playing the troubled banking sector and its confused customers. Today I got yet another Lloyds TSB-etc phish and for some reason decided to investigate this one. It was surprisingly more sophisticated than last time I looked. The usual ploy: a fake URL which magically transported you to a site that was NOT Lloyds TSB.

It was in fact

http://www.lloydstsb.co.uk-pre.info

Quite clever that, huh? The even vaguely clued up punter now knows to look for the right URL - and it has the co.uk part right. That intrigued me so I looked up whois and found this:

Front Page Information

Website Title: Lloyds TSB - Logon
Title Relevancy 66%
Meta Description: This is the Lloyds TSB logon page
Description Relevancy: 71% relevant.
AboutUs: Wiki article on Uk-pre.info

So they've again anticipated the even vaguely clued up punter and poisoned the whois directory. Now that IS bad. The fake Wiki article link is also quite neat. I checked and it doesn't link to Wikipedia itself but an obviously f(ph)ishy advertising site. However I'm sure the next lot along will easily concoct a real Wiki article. After all it only has to stay up for a day or so...

All this makes it even clearer that expecting the consumer to spot a phish site is ever more unlikely. We need better anti phishing tools, better take down networks, more police/bank collaboration and better rules about phishing liability, and, as I've said before, soon.

Note: and the fake site is down - so that WAS take down within 12 hours or so..
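
As an added illustration (not part of the original post), here is the check a mail filter or browser could make on the URL above: reduce the hostname to the domain someone actually registered and compare that with the bank's. The suffix list is a small constructed subset of the Public Suffix List, `check_url` is a hypothetical helper, and the trusted domain `lloydstsb.co.uk` is assumed from the name the phish imitates.

```python
from urllib.parse import urlsplit

# Constructed subset of the Public Suffix List, enough for this example only.
PUBLIC_SUFFIXES = {"uk", "co.uk", "info", "com", "org"}

def registrable_domain(host):
    """Return the public suffix plus one label: the part someone registered."""
    labels = host.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a bare public suffix
            return ".".join(labels[i - 1:])
    return None  # suffix not in our constructed subset

def check_url(url, trusted):
    """Classify a URL against a trusted registrable domain (hypothetical helper).

    Returns "trusted", "lookalike" (the trusted name is embedded in a
    hostname registered by someone else) or "other".
    """
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) == trusted:
        return "trusted"
    # The trusted name appears in the hostname but is not what was registered.
    if trusted in host:
        return "lookalike"
    return "other"

if __name__ == "__main__":
    trusted = "lloydstsb.co.uk"  # assumed legitimate domain
    for url in (
        "http://www.lloydstsb.co.uk-pre.info",  # URL quoted in the post
        "https://www.lloydstsb.co.uk/",         # constructed comparison
    ):
        host = urlsplit(url).hostname
        print(url, "->", registrable_domain(host), "->", check_url(url, trusted))
```

The phishing hostname reduces to `uk-pre.info`: everything to the left of that, including the familiar `lloydstsb.co`, is just labels the registrant of `uk-pre.info` was free to choose.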

2 comments:

Anonymous said...

Those who would like to do something useful with these messages can forward them (preferably with full headers) to reportphishing@antiphishing.org. There is some chance that this will speed the removal of the malicious site.

Nicholas Bohm

Anonymous said...

Actually, the AboutUs wiki page is linked off many whois results. It is a serious attempt at extending wiki functionality to all websites.

For instance, in this case, one could use the wiki page to constructively say this is a phishing site. Thus alerting people who come across the wiki page.

I just created a page on the wiki for a phishing game - http://www.aboutus.org/How_to_avoid_online_scams

Would love help extending the information on the page. Best, Mark