Tracking IPs

Identity theft is very common in my area. You often receive emails for password reset claiming to be from your bank. When people like us receive such mails, we can actually trace the page to the root domain name, and to the hosting company. The problem is that the hosting company knowing fully well that they are hosting a fraudster will often look the other way. this is because I have made several complains to domain name dealers and my complains were ignored. On the other side of the coin, the banks don't want to help you push complains, because it means investing more in security. so what do we do ?

Sose,

I'm not sure if there is a specific solution that can handle these cases as they are constantly adapting to the techniques used by systems and antivirus/antispam programs to identify them.

I guess the best bet is to always ensure the domain in the address bar is correct and valid ( I always do this when it comes to Internet banking), and then request the bank to make use of the special e-code devices used which generate a one-time code which is based on the time. This way, even if someone managed to get your credentials, all they would be able to do is view your balance as any transfers would require the e-code device.

Anyone else care to add to this topic?

In those cases, I usually find it best to teach the users how to deal with such emails. As Chris said, there is simply no definite way. The only final way to stop email phishing is to stop email it self!!

Hi,

I regularly receive emails of questionable credibility and it's always down to me, to figure out if that mail is a phishing mail or not. I normally follow what's coming next, to judge things:

1) Your bank or building society or card provider, will never ask you to change any account settings via an email. It will always always always be a phone call on your designated number. That gives them the opportunity to do the Data Protection Act checks etc. Tick in the box exercise from them, but good for you.

2) If you receive any emails and they look 'phishy', check the links posted inside the emails. If you just hover over it (not clicking it), depending on the type of email client, the underlying url will appear in the status bar or some other location, or sometimes even as a tool tip. Then you can judge for yourself if this is a credible source or not. I have seen that phishing mails have unusually long link urls which end up in a weird website that has nothing to do with the genuine party.

3) Keep sending the phishing emails or rather forward them to the respective companies e.g. your bank, or your card provider, ebay, paypal etc. Even though it seems it's falling on deaf ears, I know for certain that some of them do take action and inturn pass on details of those mails to companies like AVG etc. So in a way you end up contributing in a more robust phishing site/email scanner.

4) Use something that I call due diligence. When it comes to scams and phishing, every email from an unknown or suspicious sender is guilty unless proved innocent. If in doubt then call up the sender e.g. say it says it's coming from your bank, then call up your bank and inquire.

Hope the above helped.

Cheers

What I was insinuating is actually beyond this picture. You need two things to get on the Internet. an IP address via an ISP or a domain name via a hosting company.

What will you do if you realize that the guy next door you rented a room to is actually an arm robber ?

The UN convention on cyber crime is not working, and we cannot continue to live in a shapeless community. The US is the owner of the Internet technology which controlled by ICANN under the mandate of the department of trade and commerce. Why will a scam site be floating for more than three months knowing fully well that the user will always do stupid things.

Arani, Thanks for the guide lines.

sose wrote: Why will a scam site be floating for more than three months knowing fully well that the user will always do stupid things.

sose, You raised an interesting question. Yes ICANN controls IP numbers and DNS names, But as you know they don't control ISPs or web hosts. The later can be any where, Asia, Africa, Europe, etc...

Foreign web hosts abide usually by only local laws. So If I'm at Kuwait, and I want to scam people, even if the local law stops me, I could buy and get a host service from another country (say Bahrain or Belarus) which doesn't consider our laws. So when people complain about my site to the local authorities in Kuwait, the authorities have no jurisdiction in that other country. Their only hope is through email, and pray that the other side will respond.

Now you might say that the DNS name could be brought down by IANA/ICANN. Thats true, but what if the domain name is only a folder or a sub-domain of a wider host. For example www.abc.com/scammer or scammer.abc.com. Now, abc.com has nothing to do with the scammer, they are merely running a payed or free business. Only the scammer should be shut down. This can only be done by abc.com them selves which brings back the same jurisdiction issue above.