RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
- To: gnso-acc-sgb@xxxxxxxxx
- Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
- From: jwkckid1@xxxxxxxxxxxxx
- Date: Mon, 21 May 2007 15:13:58 -0500 (GMT-05:00)
Margie and all sgb members,
For evidence see sans.org as only one address where there
are many examples, too many to list here.
As I am not your personal research assistant, and I always
do my homework as well as have been directly involved with
a number of larger banks in the training of such personnel for
purposes of same on more than one occasion, I know that many
if not most banks regardless of size are not reasonably
able or very weak in doing an in-depth investigation of
phishing as well as a number of other security related
activities.
-----Original Message-----
>From: Margie Milam <Margie.Milam@xxxxxxxxxxxxxxx>
>Sent: May 21, 2007 10:23 AM
>To: gnso-acc-sgb@xxxxxxxxx
>Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
>
>Jeff,
>
>Where is your evidence that banks do not investigate Whois in this
>manner? At MarkMonitor, we provide these services to many banks, both
>domestic and international, in connection with their anti-phishing
>initiatives. There are many other service providers in this industry
>conducting similar investigations on behalf of banks. In addition,
>there are some larger banks that have developed sophisticated in-house
>teams to combat phishing and other anti-fraud initiatives which use
>WHOIS for this purpose.
>
>Our group needs to understand the usefulness of this information in
>protecting the privacy of individuals who may fall prey to phishing
>attacks and inadvertently disclose their personal financial information
>to criminals. By understanding this and the other legitimate uses of
>WHOIS, hopefully we can develop a WHOIS policy that takes into account
>all of these interests.
>
>Margie
>
>
>
>
>
>
>
>-----Original Message-----
>From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
>On Behalf Of Jeff Williams
>Sent: Sunday, May 20, 2007 11:19 PM
>To: gnso-acc-sgb@xxxxxxxxx
>Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
>
>Margie and all sgb members,
>
> Of course you're assuming that there has been no transfer to another
>registrar of the legitimate bank's domain name, and that even the
>original registration was accurate and up to date, an assumption which some
>time ago with in the sex.com case as an example is dubious at best,
>and one as a forensic data security investigator on occasion, I would
>never make.
>
> However as many if not most banks do not have such expertise
>in house or even consider such a level of investigation is necessary,
>your scenario/example brings another consideration as to what rules
>need to be in place for viable and/or technically legitimate third
>party accessors to be considered or allowed as same.
>
>Margie Milam wrote:
>
>> For Phishing related purposes, Domain name WHOIS is definitely used.
>>
>> I'll give an example, although this is not the only way WHOIS is used.
>> Assume there is a new domain name registered with the bank's name, i.e.,
>> bankname-onlinebankingservices.com. The registrant's WHOIS information
>> (including the information that would be shielded under OPOC) is used to
>> confirm whether the bank or some other party is the registrant of the
>> new domain name, as this information is compared to the legitimate
>> WHOIS of domain names that are registered by the bank. In this regard,
>> the email is usually the piece of information that is most revealing as
>> it would not be an email address from the bank's email service but from
>> another provider (i.e. margie@xxxxxxx). If the registrant information
>> does not match known WHOIS of the bank, this is a red flag indicating
>> that this might be a phish and additional analysis is required.
>>
>> Margie
>>
>>
>>
>> -----Original Message-----
>> From: owner-gnso-acc-sgb@xxxxxxxxx on behalf of Jeff Williams
>> Sent: Thu 5/17/2007 11:36 PM
>> To: gnso-acc-sgb@xxxxxxxxx
>> Cc:
>> Subject: Re: [gnso-acc-sgb] RE: [gnso-whois-wg] Phish statistics
>>
>>
>>
>> Dr. Dierker and all,
>>
>> By IP issues Milton was talking about IP addresses, ergo IP Whois vs
>> DNS Whois.
>>
>> And yes, in regards to Phishing attacks, Patrick earlier brought
>> up and broadened the scope of Whois data as these sorts of
>> attacks being fraud and involving "IP Whois data" as to access,
>> are relevant to determining how, who and under what set of
>> conditions ALL Whois data is available or utilized. What I
>> do not know is if "IP Whois data" is actually within the scope
>> of this WG and sub groups. Maybe Milton can answer that??
>>
>> If so, another reference for getting an idea of how serious
>> various forms of Phishing attacks are see:
>> http://www.ipgovernance.com/News_on_Phishing__Identity.html
>>
>> What concerns me most is the increasing frequency from Banks
>> of Phishing attacks by disgruntled Bank employees.
>>
>> Hugh Dierker wrote:
>>
>> > Sorry Milton,
>> >
>> > But aren't you just asking for more questions regarding "scope". I
>> > wholeheartedly agree with your assessment. But I was trying to avoid
>> > the IP issues in both a and b work.
>> >
>> > Eric
>> >
>> > Milton Mueller <mueller@xxxxxxx> wrote:
>> > Remember, it's not just whether "whois" is used, it's whether it's DNS
>> > (as opposed to IP) whois and whether the sensitive fields shielded by the
>> > OPoC recommendation are used.
>> >
>> > Dr. Milton Mueller
>> > Syracuse University School of Information Studies
>> > http://www.digital-convergence.org
>> > http://www.internetgovernance.org
>> >
>> > >>> "Patrick Cain"
>> > 05/16/07 10:55 AM >>>
>> > Hi,
>> >
>> > I am unaware of any such specific correlating statistic.
>> > The APWG has been leading an informal group to document the various
>> > uses of Whois data in phishing detection and mitigation. As soon as
>> > I get the ok from the authors, I'll forward it to the group as
>> > background information.
>> >
>> > Pat Cain
>> >
>> > -----Original Message-----
>> > From: owner-gnso-acc-sgb@xxxxxxxxx [mailto:owner-gnso-acc-sgb@xxxxxxxxx]
>> > On Behalf Of Milton Mueller
>> > Sent: Tuesday, May 15, 2007 11:56 PM
>> > To: gnso-acc-sgb@xxxxxxxxx; met@xxxxxxx; cgibson@xxxxxxxxxxx
>> > Cc: gnso-whois-wg@xxxxxxxxx
>> > Subject: RE: [gnso-acc-sgb] RE: [gnso-whois-wg] Dutch Govcert procedure
>> >
>> > Christopher:
>> > Are there any statistics establishing a correlation between phishing
>> > takedowns and access to street address, email or phone number in the
>> > public whois?
>> >
>> > Dr. Milton Mueller
>> > Syracuse University School of Information Studies
>> > http://www.digital-convergence.org
>> > http://www.internetgovernance.org
>> >
>> > >>> "Christopher Gibson" 05/15/07 3:07 PM >>>
>> > Given some of the legitimate uses of WHOIS data to combat fraudulent
>> > practices, here is a snapshot from the March Anti-Phishing Working
>> > Group (APWG) statistics that might be helpful to consider.
>> > Statistical Highlights for March 2007:
>> >
>> >
>> >
>> >
>> >
>> >
>>
>> Regards,
>> --
>> Jeffrey A. Williams
>> Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>> "Obedience of the law is the greatest freedom" -
>> Abraham Lincoln
>>
>> "Credit should go with the performance of duty and not with what is
>> very often the accident of glory" - Theodore Roosevelt
>>
>> "If the probability be called P; the injury, L; and the burden, B;
>> liability depends upon whether B is less than L multiplied by
>> P: i.e., whether B is less than PL."
>> United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
>>
>> ===============================================================
>> Updated 1/26/04
>> CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>> IDNS. div. of Information Network Eng. INEG. INC.
>> ABA member in good standing member ID 01257402
>> E-Mail jwkckid1@xxxxxxxxxxxxx
>> Registered Email addr with the USPS
>> Contact Number: 214-244-4827
>>
>>
>>
>
>Regards,
>
>--
>Jeffrey A. Williams
>Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
>"Obedience of the law is the greatest freedom" -
> Abraham Lincoln
>
>"Credit should go with the performance of duty and not with what is
>very often the accident of glory" - Theodore Roosevelt
>
>"If the probability be called P; the injury, L; and the burden, B;
>liability depends upon whether B is less than L multiplied by
>P: i.e., whether B is less than PL."
>United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
>===============================================================
>Updated 1/26/04
>CSO/DIR. Internet Network Eng. SR. Eng. Network data security
>IDNS. div. of Information Network Eng. INEG. INC.
>ABA member in good standing member ID 01257402
>E-Mail jwkckid1@xxxxxxxxxxxxx
> Registered Email addr with the USPS
>Contact Number: 214-244-4827
>
>
>
Regards,
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 134k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
Abraham Lincoln
"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Registered Email addr with the USPS Contact Number: 214-244-4827
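
Added example, not part of the original thread: the registrant comparison Margie Milam describes in the quoted message above, sketched in Python. The "Registrant Email" field label, the shielded-value patterns and all sample records are assumptions constructed for illustration; a shielded or missing e-mail makes the check inconclusive rather than a match or a mismatch.

```python
import re

# Values that suggest the field is shielded or proxied (constructed, not exhaustive).
SHIELDED = re.compile(r"redacted|privacy|proxy|withheld", re.I)

def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into a dict with lower-cased keys."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record

def email_domain(record):
    """Return the registrant e-mail's domain, or None if absent or shielded."""
    email = record.get("registrant email", "")
    if "@" not in email or SHIELDED.search(email):
        return None
    return email.rsplit("@", 1)[1].lower()

def assess(candidate_text, known_texts):
    """Compare a new registration with WHOIS of domains the bank is known to hold."""
    # The baseline is only as good as the bank's own records: stale or
    # inaccurate WHOIS (the objection raised in the thread) weakens the check.
    baseline = {email_domain(parse_whois(t)) for t in known_texts} - {None}
    if not baseline:
        return "inconclusive: no usable baseline"
    domain = email_domain(parse_whois(candidate_text))
    if domain is None:
        return "inconclusive: registrant e-mail shielded or missing"
    if domain in baseline:
        return "match: registrant e-mail domain seen in the bank's own records"
    return "red flag: registrant e-mail domain %s not in baseline" % domain

# Constructed sample records; every *.example name is a placeholder.
KNOWN = ["Domain Name: bankname.example\nRegistrant Organization: Bank Name\n"
         "Registrant Email: hostmaster@bankname.example"]
LOOKALIKE = ("Domain Name: bankname-onlinebankingservices.example\n"
             "Registrant Organization: Bank Name\n"
             "Registrant Email: someone@freemail.example")
SHIELDED_REC = ("Domain Name: bankname-login.example\n"
                "Registrant Email: REDACTED FOR PRIVACY")

if __name__ == "__main__":
    for rec in (KNOWN[0], LOOKALIKE, SHIELDED_REC):
        print(assess(rec, KNOWN))
```

The lookalike record copies the bank's organization name, so only the e-mail domain separates it from the baseline, which is why the quoted message calls the e-mail the most revealing field.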