phishing

How do you combat website spoofing/phishing?

What is your suggested solution for the threat of website UI spoofing? ...

how do I get rid of the secure nonsecure warning on page with iframe under SSL with phishing filter?

I have a page under SSL with an iframe that refreshes itself every 20 seconds through an HTTP refresh prgama. If I browse the site with IE7 and phishing filter enabled I receive secure-nonsecure content warnings in irregular intervals which cease if phishing filter is disabled. Does anybody have an idea what I can do in order to get rid ...

Murphy's Law applied to Internet Security

I'm a fanatic of Murphy's Law and I have it in mind at programming time. There are a lot of "applied" versions in a variety of fields. Maybe (as stack overflow users) we can compile a list of them applied to Internet Security. I suggest this because in times of phishing, XSS, CSRF and a lot more of treats surrounding the programmer and t...

gravatar phishing - big deal?

Gravatar is linked to email address. If I enter somebody else's email - I can use his/her photo as avatar and that someone won't like it. So the obvious solution is - validate email - which some other people will not like either. The question is - is it worth setting up email validation for the purpose of making sure that stealing avat...

spoofing e phishing

Hi I created a small web application to send emails. when i send an email Hotmail considers it as spoofing e phishing how can i sort this problem? thanks ...

Test data for Anti Phising Tool testing

Hi All, I am in urgent need for latest live phishing and fraud site url for testing Anti Phishing tool. Can I get list or source from where I can get few Phished/Fraud URL list for testing .... THanks Nav ...

OAuth and phishing vulnerabilities, are they inexorably tied together?

I've been doing a fair bit of work with OAuth recently, and I have to say that I really like it. I like the concept, and I like how it provides a low barrier-of-entry for your users to connect up the external data to your site (or for you to provide the data apis for consumption externally). Personally, I've always balked at sites that...

List of free hosted domains (phishing prevention)

Does anyone has a compiled list of free hosting domains? On my website, when user clicks on external link I want them to be redirected to my page that will check if that external link is on free hosting or not. If it is, I want to warn the user, but right now I can't find a list of such domains. Any help? ...

Website url whitelists

I'm building a user content parser and am adding an automatic link parser. I'm adding a dialogue, that confirms that the user wants to go to the particular site being linked to. This is for two reasons. Anti phishing and spam combating. However I want to be able to disable both the dialogue and nofollow additions with commonly used websi...

What are the best ways to prevent your website from being Phished?

What are the best ways to prevent your website from being Phished? Please cite some technical suggestions and references if possible. Thank you! ...

List of bank domains to stop phish

I'm looking for a full list of bank domain names to include in an anti-phish routine I'm planning, does anyone have a list/URL? ...

What does this suspicious phishing code do?

A few of my non-IT coworkers opened a .html attachment in an email message that looks extremely suspicious. It resulted in a blank screen when it appears that some javascript code was run. <script type='text/javascript'>function uK(){};var kV='';uK.prototype = {f : function() {d=4906;var w=function(){};var u=new Date();var hK=function(...

What does this Javascript do?

I've just found out that a spammer is sending email from our domain name, pretending to be us, saying: Dear Customer, This e-mail was send by ourwebsite.com to notify you that we have temporanly prevented access to your account. We have reasons to beleive that your account may have been accessed by someone else. Ple...

Interacting with Internet Explorer's blacklist

I have a list of 100,000 domains and I need to identify which ones are blocked by IE for phishing, malware, etc. Are there any applications that interact with IE or solutions that can help me solve this problem? ...

How to defend against TabNabbing?

I got very concerned reading this genius post by Aza Raskin. What are the non-browsers solutions to defend against TabNabbing? Are there any? ...

What is the best way to stop phishing for online banking?

Phishing is a very serious problem that we face. However, banks are the biggest targets. What methods can a bank use to protect its self from phishing attacks? What methods should someone use to protect themselves. Why does it stop attacks? ...

How can i use safe-browsing application object to determine whether a url is reported as phishing site or malware site?

Here is code snippet: Components.classes['@mozilla.org/safebrowsing/application;1'] .getService().wrappedJSObject.malwareWarden.listManager_ .safeLookup(test_url, function(tableName){ if (tableName == 'goog-phish-shavar' || tableNmae == 'goog-malware-shavar') { alert('This is reported by Google! '); }...