Don’t take the phishing bait – An Update

 

By

InfoComm Security/QA, Computer Centre
National University of Singapore
Mar, 2005

 

Since the beginning of this year, the Infocomm Security group has been alerted to a renewed number of phishing emails. This write-up serves both as a reminder to be wary of such attacks and as an update to last year’s newsletter article “Don’t take the phishing bait!” (https://security.nus.edu.sg/newsletter/Jun2004/Fight%20Phishing.htm) by Dr Ma Huijuan.

 

Dealing with phishing websites

 

To protect yourself against the phishing websites referenced in these emails, in addition to following the best practices highlighted in the “Don’t take the phishing bait!” article, you are encouraged to use the Netcraft anti-phishing toolbar, which alerts you to these sites and blocks your access to them. The Netcraft anti-phishing toolbar is the best anti-phishing tool available yet (due to the database it rides upon and the network control it has), after many months in which SpoofStick was the only available tool that blocks phishing sites.

 

With the Netcraft anti-phishing toolbar installed, an alert similar to the following is displayed if you try to access a phishing site.

 

 

We checked carefully with our corporate antivirus vendor and verified that the toolbar has no spyware components built into it and is therefore safe to use ;-) You are therefore encouraged to use this tool.

 

This free tool can be downloaded from http://toolbar.netcraft.com. A comprehensive set of tutorials for installation and configuration, as well as frequently asked questions (FAQ), is available at http://toolbar.netcraft.com/help/. To date, this tool has proven effective in blocking all the phishing websites in the phishing emails reported to our team this year.

 

Dealing with phishing emails

 

You are encouraged to contribute to our ongoing countermeasures against such phishing emails by dragging each phishing email to the spam auto-response folder at \\selftest2\spam. Once you drag the phishing email into the folder, the incident will be reported as a spam abuse complaint to the administrator managing the network from which the phishing email originated. In addition, such emails are reviewed on a regular basis to evaluate the feasibility of blocking similar emails in future at our Internet mail gateways.