As we all know, phishing is an internet scam to attain someone's personal information. But many of these scams do not appear on your computer and therefore cannot be caught with a virus scan, spam killer or a keylogger identifier. I have been victimized by this in the past. I have a good idea where this is coming from. Can anyone tell me how I can protect my site from these people? In particular I would like to know what information I need to log so that these particular people can no longer access my site and will receive a BAN? I know bans exist but I'm not sure as to how to go about banning or what information they collect in order to process the ban so that they can't try and collect information under multiple names. Is it the computer serial number? Perhaps the Volume serial number? Which is the vital piece of information needed to prevent such attacks? Thank you all for your help in advance.
There's no way to completely protect your site because of how many of the attacks work:
1.) I could send out e-mails, spoofing your e-mail address, telling all of your customers that my (your) server lost the data and I need them to resubmit all of their financial information, then link to my own site for said submission or give an alternative e-mail address for them to respond to.
As a preventative measure, make sure all of your customers know that:
* They should be watchful for strange or untimely e-mails.
* If they receive an e-mail requesting information, to contact you through a pre-defined e-mail address...if it's different from the one in the e-mail, don't do it.
* You'll never include a link or URL to a site that requests personal information. Instead, you'll always include directions to go to your legitimate pre-defined site and follow instructions from there.
-------------------------------------------------------
2.) Remind all of your users/members/customers that they should have a firewall, antivirus, and antispyware software and keep it updated. Also, I'd highly recommend having them all download Netcraft Toolbar and SiteAdvisor, two browser addons that help detect phishing and other illegitimate sites. Both addons are available for Internet Explorer and Firefox.
--------------------------------------------------------
3.) Make sure they are careful about typing in the URL to go to your website...scammers feed on typos. For instance, some months ago a site gooogle.com (note the extra 'o') fed off those that meant to use the search engine Google. Also, WhiteHouse.com used to be a pornographic website catching many people off guard, mistakenly using .com instead of .gov.
--------------------------------------------------------
4.) Make sure your site is secured so that it's not taken over by hackers, or that personal information of others is not accidentally revealed...fastest way to lose people.
--------------------------------------------------------
5.) To ban people from your site you can block them by IP (internet protocol) address. However, this is far from foolproof. Those on dial-up usually receive a new IP address every time they log back in, and those on DSL/cable internet can usually obtain a new one by unplugging their modem for a certain length of time. Thus, the person can slip back in shortly. You could block an entire range of IP addresses to try to assure that he/she can't come back, but that will block others from that area from accessing your site as well.
Also, someone could use a proxy server to blow right past the IP restrictions. That is, they'd access your site through someone else's connection so you'd see the other person's IP address, not the one you're trying to block. He/she could switch proxies every few minutes, so there's no way of blocking a determined person using this method.
Depending on what your site is, the most effective way would be to create a login so only those with a valid username and password can access it. However, that's not appropriate in most cases since you'd want the average person to be able to drop by.
You can also look into MAC address blocking, which goes by a code on the person's networking hardware. While it can also be spoofed it's a little better than IP address blocking.
-------------------------------------------------------
When it comes down to it, nothing is foolproof. The best you can do is tell visitors to be careful (using the above guidelines), make sure you secure the site from prying eyes (look for backdoors and flaws in the code), and be prepared to handle the occasional miscreant. If it gets bad enough, you can always contact the proper authorities.
Hope this helps,
John
with John's explanations.
To give you an example of what phishing means, look at the two links below;
1] www.cnet.com
2] www.cnet.com
If you hover over each and look at the bottom of the browser, the status line, you will see that the first links correctly to CNET and the second incorrectly to Google.
But it gets worse. Many people now will check the link and if they see it goes to Google instead of CNET they will not click it.
But if I registered a web site address for, say, www.cnet.net I could still use the link;
www.cnet.com
which may reassure people that they are going to a genuine CNET site.
So there is little you can do from within your site to stop people attempting to display your site's name in any phishing attempt. All you can do is set up procedures like John says of educating your users not to click any links in emails or other web sites.
Good luck.
Mark
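As an added example (not code from either poster), the three cases in Mark's post can be checked mechanically: for each link in an e-mail body, compare the domain the visible text claims against the domain the href actually points to, and compare the href domain against the one trusted domain. It assumes cnet.com is the trusted domain and uses a constructed sample e-mail; the "last two labels" domain rule is a simplification that does not handle suffixes like co.uk.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _domain(value):
    """Registrable domain (last two labels) of a URL, or of bare text like 'www.cnet.com'."""
    host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def check_links(html, trusted_domain):
    """Classify each link as ok, text-href-mismatch, lookalike-domain or external."""
    parser = _LinkCollector()
    parser.feed(html)
    verdicts = []
    for href, text in parser.links:
        href_dom = _domain(href)
        # The visible text only counts as a claimed destination when it looks like a hostname.
        text_dom = _domain(text) if re.fullmatch(r"[\w-]+(\.[\w-]+)+", text) else None
        if text_dom and text_dom != href_dom:
            verdict = "text-href-mismatch"   # text names one site, the link goes elsewhere
        elif href_dom == trusted_domain:
            verdict = "ok"
        elif href_dom.split(".")[0] == trusted_domain.split(".")[0]:
            verdict = "lookalike-domain"     # same name, different TLD: cnet.net vs cnet.com
        else:
            verdict = "external"
        verdicts.append((href, text, verdict))
    return verdicts

# Constructed sample e-mail body mirroring the three cases in the post above.
SAMPLE_EMAIL = """<p>Review: <a href="http://www.cnet.com/reviews/">www.cnet.com</a></p>
<p>Review: <a href="http://www.google.com/">www.cnet.com</a></p>
<p>Review: <a href="http://www.cnet.net/login">www.cnet.net</a></p>"""
```

Running `check_links(SAMPLE_EMAIL, "cnet.com")` flags the second link as a text/href mismatch and the third as a lookalike domain, which is the check a mail filter or browser toolbar performs before a user ever hovers over the link.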