ICANN Email List Archives

[gnso-acc-sgb]



RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics

  • To: <gnso-acc-sgb@xxxxxxxxx>
  • Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
  • From: "Margie Milam" <Margie.Milam@xxxxxxxxxxxxxxx>
  • Date: Mon, 21 May 2007 09:23:59 -0600

Jeff,

Where is your evidence that banks do not investigate Whois in this
manner?   At MarkMonitor, we provide these services to many banks, both
domestic and international, in connection with their anti-phishing
initiatives. There are many other service providers in this industry
conducting similar investigations on behalf of banks.   In addition,
there are some larger banks that have developed sophisticated in-house
teams to combat phishing and other anti-fraud initiatives which use
WHOIS for this purpose.  

Our group needs to understand the usefulness of this information in
protecting the privacy of individuals who may fall prey to phishing
attacks and inadvertently disclose their personal financial information
to criminals.   By understanding this and the other legitimate uses of
WHOIS, hopefully we can develop a WHOIS policy that takes into account
all of these interests.

Margie 



 



-----Original Message-----
From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
On Behalf Of Jeff Williams
Sent: Sunday, May 20, 2007 11:19 PM
To: gnso-acc-sgb@xxxxxxxxx
Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics

Margie and all sgb members,

  Of course you're assuming that there has been no transfer to another
registrar of the legitimate bank's domain name, and that even the
original registration was accurate and up to date, an assumption which some
time ago with in the sex.com case as an example is dubious at best,
and one as a forensic data security investigator on occasion, I would
never make.

  However as many if not most banks do not have such expertise
in house or even consider such a level of investigation is necessary,
your scenario/example brings another consideration as to what rules
need to be in place for viable and/or technically legitimate third
party accessors to be considered or allowed as same.

Margie Milam wrote:

> For Phishing related purposes, Domain name WHOIS is definitely used.
>
> I'll give an example, although this is not the only way WHOIS is used.
> Assume there is a new domain name registered with the bank's name, i.e.,
> bankname-onlinebankingservices.com. The registrant's WHOIS information
> (including the information that would be shielded under OPOC) is used to
> confirm whether the bank or some other party is the registrant of the
> new domain name, as this information is compared to the legitimate
> WHOIS of domain names that are registered by the bank. In this regard,
> the email is usually the piece of information that is most revealing as
> it would not be an email address from the bank's email service but from
> another provider (i.e., margie@xxxxxxx). If the registrant information
> does not match known WHOIS of the bank, this is a red flag indicating
> that this might be a phish and additional analysis is required.
>
> Margie
>
>
>
>         -----Original Message-----
>         From: owner-gnso-acc-sgb@xxxxxxxxx on behalf of Jeff Williams
>         Sent: Thu 5/17/2007 11:36 PM
>         To: gnso-acc-sgb@xxxxxxxxx
>         Cc:
>         Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
>
>
>
>         Dr. Dierker and all,
>
>           By IP issues Milton was talking about IP addresses, ergo IP Whois vs
>         DNS Whois.
>
>           And yes, in regards to Phishing attacks, Patrick earlier brought
>         up and broadened the scope of Whois data as these sorts of
>         attacks being fraud and involving "IP Whois data" as to access,
>         are relevant to determining how, who and under what set of
>         conditions ALL Whois data is available or utilized.  What I
>         do not know is if "IP Whois data" is actually within the scope
>         of this WG and sub groups.  Maybe Milton can answer that??
>
>           If so, another reference for getting an idea of how serious
>         various forms of Phishing attacks are see:
>         http://www.ipgovernance.com/News_on_Phishing__Identity.html
>
>           What concerns me most is the increasing frequency from Banks
>         of Phishing attacks by disgruntled Bank employees.
>
>         Hugh Dierker wrote:
>
>         >    Sorry Milton,
>         >
>         >   But aren't you just asking for more questions regarding "scope". I
>         > wholeheartedly agree with your assessment. But I was trying to avoid
>         > the IP issues in both a and b work.
>         >
>         >   Eric
>         >
>         > Milton Mueller <mueller@xxxxxxx> wrote:
>         >   Remember, it's not just whether "whois" is used, it's whether it's DNS
>         > (as opposed to IP) whois and whether the sensitive fields shielded by the
>         > OPoC recommendation are used.
>         >
>         > Dr. Milton Mueller
>         > Syracuse University School of Information Studies
>         > http://www.digital-convergence.org
>         > http://www.internetgovernance.org
>         >
>         > >>> "Patrick Cain" 05/16/07 10:55 AM >>>
>         > Hi,
>         >
>         > I am unaware of any such specific correlating statistic.
>         > The APWG has been leading an informal group to document the various
>         > uses of Whois data in phishing detection and mitigation. As soon as
>         > I get the ok from the authors, I'll forward it to the group as
>         > background information.
>         >
>         > Pat Cain
>         >
>         > -----Original Message-----
>         > From: owner-gnso-acc-sgb@xxxxxxxxx
>         > [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
>         > On Behalf Of Milton Mueller
>         > Sent: Tuesday, May 15, 2007 11:56 PM
>         > To: gnso-acc-sgb@xxxxxxxxx; met@xxxxxxx; cgibson@xxxxxxxxxxx
>         > Cc: gnso-whois-wg@xxxxxxxxx
>         > Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert procedure
>         >
>         > Christopher:
>         > Are there any statistics establishing a correlation between phishing
>         > takedowns and access to street address, email or phone number in the
>         > public whois?
>         >
>         > Dr. Milton Mueller
>         > Syracuse University School of Information Studies
>         > http://www.digital-convergence.org
>         > http://www.internetgovernance.org
>         >
>         > >>> "Christopher Gibson" 05/15/07 3:07 PM >>>
>         > Given some of the legitimate uses of WHOIS data to combat fraudulent
>         > practices, here is a snapshot from the March Anti-Phishing Working
>         > Group (APWG) statistics that might be helpful to consider. Statistical
>         > Highlights for March 2007:
>         >
>
>         Regards,
>         --
>         Jeffrey A. Williams
>         Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>         "Obedience of the law is the greatest freedom" -
>            Abraham Lincoln
>
>         "Credit should go with the performance of duty and not with what is
>         very often the accident of glory" - Theodore Roosevelt
>
>         "If the probability be called P; the injury, L; and the burden, B;
>         liability depends upon whether B is less than L multiplied by
>         P: i.e., whether B is less than PL."
>         United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>         ===============================================================
>         Updated 1/26/04
>         CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>         IDNS. div. of Information Network Eng.  INEG. INC.
>         ABA member in good standing member ID 01257402
>         E-Mail jwkckid1@xxxxxxxxxxxxx
>          Registered Email addr with the USPS
>         Contact Number: 214-244-4827
>
>
>

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@xxxxxxxxxxxxx
 Registered Email addr with the USPS
Contact Number: 214-244-4827
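
The registrant comparison described in the quoted example above, sketched as an added illustration that is not part of the original thread or any participant's tooling. The record layout, field names, sample domains and the decisions to ignore the registrar field and to report missing fields as "inconclusive" are all assumptions of this example.

```python
# Added illustration; all records below are constructed sample data.
REGISTRANT_FIELDS = ("name", "organization", "email")  # registrar deliberately excluded

def norm(value):
    """Case- and whitespace-insensitive form of a WHOIS field; None if empty."""
    value = " ".join((value or "").split()).lower()
    return value or None

def email_domain(address):
    """Domain part of an e-mail address, or None if there is none."""
    address = norm(address)
    return address.rsplit("@", 1)[1] if address and "@" in address else None

def assess(candidate, baseline):
    """Compare a new domain's registrant data with the bank's known WHOIS records.

    Returns (verdict, reasons); verdict is 'match', 'red_flag' or 'inconclusive'.
    A red flag only means that additional analysis is required.
    """
    known = {f: {norm(r.get(f)) for r in baseline} - {None} for f in REGISTRANT_FIELDS}
    known_mail = {email_domain(r.get("email")) for r in baseline} - {None}
    reasons, missing = [], []
    for field in REGISTRANT_FIELDS:
        value = norm(candidate.get(field))
        if value is None:
            missing.append(field)          # shielded or absent: cannot compare
        elif field == "email":
            if email_domain(value) not in known_mail:
                reasons.append("email domain %s not used in bank registrations"
                               % email_domain(value))
        elif value not in known[field]:
            reasons.append("%s differs from known bank WHOIS" % field)
    if reasons:
        return "red_flag", reasons
    if missing:
        return "inconclusive", ["no data for: " + ", ".join(missing)]
    return "match", []

BANK_WHOIS = [  # constructed baseline of the bank's legitimate registrations
    {"domain": "bankname.example", "name": "Domain Admin",
     "organization": "BankName N.A.", "email": "hostmaster@bankname.example",
     "registrar": "Registrar A"},
    {"domain": "bankname-online.example", "name": "Domain Admin",
     "organization": "BankName N.A.", "email": "dns@bankname.example",
     "registrar": "Registrar B"},
]
```
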






