
Phishing sites and referrer

Why won't banks listen to me


maccas

5:42 pm on Sep 19, 2006 (gmt 0)

10+ Year Member



What is stopping banks from having a list of scam sites (updated as soon as a new one pops up) and if the referrer is from that site display a warning? As often once the form is submitted you are redirected back to the bank's legitimate site. I have emailed my bank a few times over the years telling them to do this but they either don't read my emails or it can't be done?

rocknbil

5:57 pm on Sep 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



1) The referrer can be faked, 2) the IP address from which it comes is often a compromised computer and not the source of the spam but some poor user who didn't keep his AV and firewall up to date, and 3) by the time they send the stuff they're already gone, any banning of IP addresses is more likely to ban legitimate users than put a stop to phishing.

#3 is only partially true, I've been watching one of my older sites and notice the same IPs and classes of IPs come up in web form attacks. In any case this is only an effective approach with my constant monitoring of it - it would be a maintenance nightmare for a larger institution.

kaled

1:22 am on Sep 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Having never followed a phishing attack, I can't comment on whether you do get directed to the bank's main site or not afterwards, but if this is true, you're right that banks could use this information.

Referrer data can be spoofed, but that is not an issue since the browser itself would have to be compromised.

One possible reason that you have received no useful replies from banks is that they already do this but aren't willing to say so (since phishers would cease to forward the browsers if this became common knowledge).

Kaled.
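The check discussed in this thread, as an added example that is not part of any post above and not any bank's actual code: the bank's site compares the host in the incoming `Referer` header against a list of known phishing hosts and flags the session for a warning. The function names and the blocklist entries (reserved `.example` names) are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist of known phishing hosts (reserved .example names).
BLOCKLIST = {"secure-login.phish.example", "bank-verify.example"}


def referrer_host(header):
    """Return the normalized host from a Referer header value, or None."""
    if not header:
        return None  # header absent or stripped by browser/proxy
    try:
        parts = urlsplit(header.strip())
        host = parts.hostname  # lowercased, port and userinfo removed
    except ValueError:
        return None  # malformed value, e.g. a broken IPv6 literal
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name


def is_listed(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is on the blocklist.

    Matching is done on whole DNS labels, so a listed 'bank-verify.example'
    covers 'www.bank-verify.example' but not 'notbank-verify.example'.
    """
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def classify(header):
    """Return 'warn', 'ok' or 'unknown' for one request's Referer value.

    'ok' and 'unknown' are not evidence of safety: the header can be absent
    or faked, as noted in the thread. Only 'warn' carries a signal.
    """
    host = referrer_host(header)
    if host is None:
        return "unknown"
    return "warn" if is_listed(host) else "ok"


if __name__ == "__main__":
    for sample in ("https://bank-verify.example/login.php?step=2",
                   "http://WWW.Bank-Verify.Example.:8080/",
                   "https://notbank-verify.example/",
                   None):
        print(repr(sample), "->", classify(sample))
```

A `warn` result would drive the warning page or a forced credential reset for that session; the list itself still has to be kept current, which is the maintenance cost raised above.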