RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
- To: <gnso-acc-sgb@xxxxxxxxx>
- Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
- From: "Margie Milam" <Margie.Milam@xxxxxxxxxxxxxxx>
- Date: Fri, 18 May 2007 07:57:56 -0600
For phishing-related purposes, domain name WHOIS is definitely used.
I'll give an example, although this is not the only way WHOIS is used. Assume
there is a new domain name registered with the bank's name, i.e.,
bankname-onlinebankingservices.com . The registrant's WHOIS information
(including the information that would be shielded under OPOC) is used to
confirm whether the bank or some other party is the registrant of the new
domain name, as this information is compared to the legitimate WHOIS of domain
names that are registered by the bank. In this regard, the email is usually
the piece of information that is most revealing, as it would not be an email
address from the bank's email service but from another provider (i.e.,
margie@xxxxxxx). If the registrant information does not match known WHOIS of
the bank, this is a red flag indicating that this might be a phish and
additional analysis is required.
Margie
-----Original Message-----
From: owner-gnso-acc-sgb@xxxxxxxxx on behalf of Jeff Williams
Sent: Thu 5/17/2007 11:36 PM
To: gnso-acc-sgb@xxxxxxxxx
Cc:
Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
Dr. Dierker and all,
By IP issues Milton was talking about IP addresses, ergo IP Whois vs
DNS Whois.
And yes, in regards to Phishing attacks, Patrick earlier brought
up and broadened the scope of Whois data as these sorts of
attacks being fraud and involving "IP Whois data" as to access,
are relevant to determining how, who and under what set of
conditions ALL Whois data is available or utilized. What I
do not know is if "IP Whois data" is actually within the scope
of this WG and sub groups. Maybe Milton can answer that??
If so, for another reference for getting an idea of how serious
various forms of Phishing attacks are, see:
http://www.ipgovernance.com/News_on_Phishing__Identity.html
What concerns me most is the increasing frequency from Banks
of Phishing attacks by disgruntled Bank employees.
Hugh Dierker wrote:
> Sorry Milton,
>
> But aren't you just asking for more questions regarding "scope". I
> wholeheartedly agree with your assessment. But I was trying to avoid
> the IP issues in both a and b work.
>
> Eric
>
> Milton Mueller <mueller@xxxxxxx> wrote:
> Remember, it's not just whether "whois" is used, it's whether it's DNS
> (as opposed to IP) whois and whether the sensitive fields shielded by the
> OPoC recommendation are used.
>
> Dr. Milton Mueller
> Syracuse University School of Information Studies
> http://www.digital-convergence.org
> http://www.internetgovernance.org
>
> >>> "Patrick Cain" 05/16/07 10:55 AM >>>
> Hi,
>
> I am unaware of any such specific correlating statistic.
> The APWG has been leading an informal group to document the various
> uses of Whois data in phishing detection and mitigation. As soon as I
> get the ok from the authors, I'll forward it to the group as background
> information.
>
> Pat Cain
>
> -----Original Message-----
> From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx] On Behalf Of Milton Mueller
> Sent: Tuesday, May 15, 2007 11:56 PM
> To: gnso-acc-sgb@xxxxxxxxx; met@xxxxxxx; cgibson@xxxxxxxxxxx
> Cc: gnso-whois-wg@xxxxxxxxx
> Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert procedure
>
> Christopher:
> Are there any statistics establishing a correlation between phishing
> takedowns and access to street address, email or phone number in the
> public whois?
>
> Dr. Milton Mueller
> Syracuse University School of Information Studies
> http://www.digital-convergence.org
> http://www.internetgovernance.org
>
> >>> "Christopher Gibson" 05/15/07 3:07 PM >>>
> Given some of the legitimate uses of WHOIS data to combat fraudulent
> practices, here is a snapshot from the March Anti-Phishing Working
> Group (APWG) statistics that might be helpful to consider. Statistical
> Highlights for March 2007:
>
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS
Contact Number: 214-244-4827
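
The WHOIS comparison described in Margie Milam's message at the top of this thread, sketched as an added example that is not part of the original e-mails: a new look-alike domain's registrant fields are compared with the bank's known WHOIS records, with the e-mail domain checked separately. The records are constructed, and the `Registrant <Field>:` labels and the function names are assumptions, since WHOIS output differs between registrars.

```python
import re

# Constructed WHOIS records; every name, domain and address here is made up.
# The "Registrant <Field>:" labels are an assumption; real output varies.
KNOWN_BANK_WHOIS = """\
Domain Name: examplebank.example
Registrant Name: Domain Admin
Registrant Organization: Example Bank N.A.
Registrant Street: 100 Main Street
Registrant Phone: +1.5555550100
Registrant Email: hostmaster@examplebank.example
"""
NEW_DOMAIN_WHOIS = """\
Domain Name: examplebank-onlinebankingservices.example
Registrant Name: J. Doe
Registrant Organization:
Registrant Street: 1 Elsewhere Road
Registrant Phone: +1.5555550199
Registrant Email: jdoe@freemail.example
"""
FIELDS = ("name", "organization", "street", "phone", "email")

def parse_registrant(whois_text):
    """Collect 'Registrant <Field>: value' lines into a normalised dict."""
    rec = {}
    for line in whois_text.splitlines():
        m = re.match(r"\s*Registrant\s+(\w+)\s*:\s*(.*)$", line, re.I)
        if m and m.group(1).lower() in FIELDS:
            rec[m.group(1).lower()] = " ".join(m.group(2).lower().split())
    return rec

def email_domain(addr):
    """Return the part after '@', or '' when there is no address."""
    return addr.rpartition("@")[2] if "@" in addr else ""

def triage(candidate_text, known_texts):
    """Compare a new domain's registrant data with the bank's known records."""
    cand = parse_registrant(candidate_text)
    known = [parse_registrant(t) for t in known_texts]
    # A field mismatches when it is empty or absent from every known record.
    mismatched = [f for f in FIELDS if not cand.get(f)
                  or cand[f] not in {k.get(f, "") for k in known}]
    known_mail = {email_domain(k.get("email", "")) for k in known} - {""}
    email_ok = email_domain(cand.get("email", "")) in known_mail
    # A red flag means "needs additional analysis", not a confirmed phish.
    return {"mismatched": mismatched, "email_domain_known": email_ok,
            "red_flag": bool(mismatched) or not email_ok}

if __name__ == "__main__":
    print(triage(NEW_DOMAIN_WHOIS, [KNOWN_BANK_WHOIS]))
```
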