ICANN Email List Archives

[gnso-acc-sgb]



RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics

  • To: gnso-acc-sgb@xxxxxxxxx
  • Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
  • From: jwkckid1@xxxxxxxxxxxxx
  • Date: Mon, 21 May 2007 15:13:58 -0500 (GMT-05:00)

Margie and all sgb members,

  For evidence see sans.org as only one address where there
 are many examples, too many to list here.

  As I am not your personal research assistant, and I always
do my homework as well as have been directly involved with 
a number of larger banks in the training of such personnel for
purposes of same on more than one occasion, I know that many
if not most banks regardless of size are not reasonably
able or very weak in doing an in-depth investigation of 
phishing as well as a number of other security related
activities.

-----Original Message-----
>From: Margie Milam <Margie.Milam@xxxxxxxxxxxxxxx>
>Sent: May 21, 2007 10:23 AM
>To: gnso-acc-sgb@xxxxxxxxx
>Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
>
>Jeff,
>
>Where is your evidence that banks do not investigate Whois in this
>manner?   At MarkMonitor, we provide these services to many banks, both
>domestic and international, in connection with their anti-phishing
>initiatives. There are many other service providers in this industry
>conducting similar investigations on behalf of banks.   In addition,
>there are some larger banks that have developed sophisticated in-house
>teams to combat phishing and other anti-fraud initiatives which use
>WHOIS for this purpose.  
>
>Our group needs to understand the usefulness of this information in
>protecting the privacy of individuals who may fall prey to phishing
>attacks and inadvertently disclose their personal financial information
>to criminals.   By understanding this and the other legitimate uses of
>WHOIS, hopefully we can develop a WHOIS policy that takes into account
>all of these interests.
>
>Margie 
>
>
>
> 
>
>
>
>-----Original Message-----
>From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
>On Behalf Of Jeff Williams
>Sent: Sunday, May 20, 2007 11:19 PM
>To: gnso-acc-sgb@xxxxxxxxx
>Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
>
>Margie and all sgb members,
>
>  Of course you're assuming that there has been no transfer to another
>registrar of the legitimate bank's domain name, and that even the
>original registration was accurate and up to date, an assumption which some
>time ago with in the sex.com case as an example is dubious at best,
>and one as a forensic data security investigator on occasion, I would
>never make.
>
>  However as many if not most banks do not have such expertise
>in house or even consider such a level of investigation is necessary,
>your scenario/example brings another consideration as to what rules
>need to be in place for viable and/or technically legitimate third
>party accessors to be considered or allowed as same.
>
>Margie Milam wrote:
>
>> For Phishing  related purposes, Domain name WHOIS is definitely used.
>>
>> I'll give an example, although this is not the only way WHOIS is used.
>> Assume there is a new domain name registered with the bank's name, i.e.,
>> bankname-onlinebankingservices.com. The registrant's WHOIS information
>> (including the information that would be shielded under OPOC) is used to
>> confirm whether the bank or some other party is the registrant of the
>> new domain name, as this information is compared to the legitimate
>> WHOIS of domain names that are registered by the bank. In this regard,
>> the email is usually the piece of information that is most revealing as
>> it would not be an email address from the bank's email service but from
>> another provider (i.e. margie@xxxxxxx). If the registrant information
>> does not match known WHOIS of the bank, this is a red flag indicating
>> that this might be a phish and additional analysis is required.
>>
>> Margie
>>
>>
>>
>>         -----Original Message-----
>>         From: owner-gnso-acc-sgb@xxxxxxxxx on behalf of Jeff Williams
>>         Sent: Thu 5/17/2007 11:36 PM
>>         To: gnso-acc-sgb@xxxxxxxxx
>>         Cc:
>>         Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish
>statistics
>>
>>
>>
>>         Dr. Dierker and all,
>>
>>           By IP issues Milton was talking about IP addresses, ergo IP
>Whois vs
>>         DNS Whois.
>>
>>           And yes, in regards to Phishing attacks, Patrick earlier
>brought
>>         up and broadened the scope of Whois data as these sorts of
>>         attacks being fraud and involving "IP Whois data" as to
>access,
>>         are relevant to determining how, who and under what set of
>>         conditions ALL Whois data is available or utilized.  What I
>>         do not know is if "IP Whois data" is actually within the scope
>>         of this WG and sub groups.  Maybe Milton can answer that??
>>
>>           If so, another reference for getting an idea of how serious
>>         various forms of Phishing attacks are see:
>>         http://www.ipgovernance.com/News_on_Phishing__Identity.html
>>
>>           What concerns me most is the increasing frequency from Banks
>>         of Phishing attacks by disgruntled Bank employees.
>>
>>         Hugh Dierker wrote:
>>
>>         >    Sorry Milton,
>>         >
>>         >   But aren't you just asking for more questions regarding
>"scope". I
>>         > wholeheartedly agree with your assessment. But I was trying
>to avoid
>>         > the IP issues in both a and b work.
>>         >
>>         >   Eric
>>         >
>>         > Milton Mueller <mueller@xxxxxxx> wrote:
>>         >   Remember, its not just whether "whois" is used, it's
>whether its DNS
>>         > (as
>>         > opposed to IP) whois and whether the sensitive fields
>shielded by the
>>         > OPoC recommendation are used.
>>         >
>>         > Dr. Milton Mueller
>>         > Syracuse University School of Information Studies
>>         > http://www.digital-convergence.org
>>         > http://www.internetgovernance.org
>>         >
>>         > >>> "Patrick Cain"
>>         > 05/16/07 10:55 AM >>>
>>         > Hi,
>>         >
>>         > I am unaware of any such specific correlating statistic.
>>         > The APWG has been leading an informal group to document the
>various
>>         > uses
>>         > of
>>         > Whois data in phishing detection and mitigation. As soon as
>I get the
>>         > ok
>>         > from the authors, I'll forward it to the group as background
>>         > information.
>>         >
>>         > Pat Cain
>>         >
>>         > -----Original Message-----
>>         > From: owner-gnso-acc-sgb@xxxxxxxxx
>>         > [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
>>         > On
>>         > Behalf Of Milton Mueller
>>         > Sent: Tuesday, May 15, 2007 11:56 PM
>>         > To: gnso-acc-sgb@xxxxxxxxx; met@xxxxxxx; cgibson@xxxxxxxxxxx
>>         > Cc: gnso-whois-wg@xxxxxxxxx
>>         > Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch
>Govcert
>>         > procedure
>>         >
>>         > Christopher:
>>         > Are there any statistics establishing a correlation between
>phishing
>>         > takedowns and access to street address, email or phone
>number in the
>>         > public
>>         > whois?
>>         >
>>         > Dr. Milton Mueller
>>         > Syracuse University School of Information Studies
>>         > http://www.digital-convergence.org
>>         > http://www.internetgovernance.org
>>         >
>>         > >>> "Christopher Gibson" 05/15/07 3:07 PM >>>
>>         > Given some of the legitimate uses of WHOIS data to combat
>fraudulent
>>         > practices, here is a snapshot from the March Anti-Phishing
>Working
>>         > Group
>>         > (APWG) statistics that might be helpful to consider.
>Statistical
>>         > Highlights
>>         > for March 2007:
>>         >
>>         >
>>         >
>>         >
>>         >
>>         >
>>
>>         Regards,
>>         --
>>         Jeffrey A. Williams
>>         Spokesman for INEGroup LLA. - (Over 134k members/stakeholders
>strong!)
>>         "Obedience of the law is the greatest freedom" -
>>            Abraham Lincoln
>>
>>         "Credit should go with the performance of duty and not with
>what is
>>         very often the accident of glory" - Theodore Roosevelt
>>
>>         "If the probability be called P; the injury, L; and the
>burden, B;
>>         liability depends upon whether B is less than L multiplied by
>>         P: i.e., whether B is less than PL."
>>         United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>>
>===============================================================
>>         Updated 1/26/04
>>         CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>>         IDNS. div. of Information Network Eng.  INEG. INC.
>>         ABA member in good standing member ID 01257402
>>         E-Mail jwkckid1@xxxxxxxxxxxxx
>>          Registered Email addr with the USPS
>>         Contact Number: 214-244-4827
>>
>>
>>
>
>Regards,
>
>--
>Jeffrey A. Williams
>Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>"Obedience of the law is the greatest freedom" -
>   Abraham Lincoln
>
>"Credit should go with the performance of duty and not with what is
>very often the accident of glory" - Theodore Roosevelt
>
>"If the probability be called P; the injury, L; and the burden, B;
>liability depends upon whether B is less than L multiplied by
>P: i.e., whether B is less than PL."
>United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
>===============================================================
>Updated 1/26/04
>CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>IDNS. div. of Information Network Eng.  INEG. INC.
>ABA member in good standing member ID 01257402
>E-Mail jwkckid1@xxxxxxxxxxxxx
> Registered Email addr with the USPS
>Contact Number: 214-244-4827
>
>
>
Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS Contact Number: 214-244-4827
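
The WHOIS comparison described in the quoted example above (a new look-alike domain checked against the WHOIS of domains the bank is known to hold), sketched as an added example that is not part of the original thread. All records, field names and the freemail address are constructed; a mismatch only marks the domain for additional analysis.

```python
KNOWN_BANK_WHOIS = [  # constructed WHOIS text for domains the bank is known to hold
    """Domain Name: bankname.example
Registrant Organization: BankName N.A.
Registrant Email: Hostmaster@BankName.example
""",
    """Domain Name: bankname-cards.example
Registrant Organization: BankName N.A.
Registrant Email: dns-admin@bankname.example
""",
]
# Constructed record for the newly registered name used in the thread's example.
CANDIDATE_WHOIS = """Domain Name: bankname-onlinebankingservices.com
Registrant Organization: BankName Online
Registrant Email: margie@freemail.example
"""
COMPARED_FIELDS = ("registrant organization", "registrant email domain")

def parse_whois(text):
    """Turn 'Key: value' WHOIS lines into a dict with lower-cased keys/values."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record[key.strip().lower()] = value.strip().lower()
    email = record.get("registrant email", "")
    # The email's domain, not the mailbox, is what ties a record to the bank.
    record["registrant email domain"] = email.rpartition("@")[2] if "@" in email else ""
    return record

def build_baseline(known_texts):
    """Collect the values seen per compared field across the bank's own records."""
    baseline = {field: set() for field in COMPARED_FIELDS}
    for text in known_texts:
        rec = parse_whois(text)
        for field in COMPARED_FIELDS:
            if rec.get(field):
                baseline[field].add(rec[field])
    return baseline

def red_flags(candidate_text, baseline):
    """Return compared fields whose value is missing or not in the baseline."""
    rec = parse_whois(candidate_text)
    return [f for f in COMPARED_FIELDS if rec.get(f, "") not in baseline[f]]

if __name__ == "__main__":
    flags = red_flags(CANDIDATE_WHOIS, build_baseline(KNOWN_BANK_WHOIS))
    print("needs additional analysis:" if flags else "matches known WHOIS", flags)
```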




