14 March 2005

Gmail Phishing continues: XML to the rescue!

They're going after more than G-Mail. G-Mail phishing may include an alert, and give you a warning what to do.

Here's a sample of the bogus e-mail and the news release from Feb 05. This has been going on before November in September.

  • What creative ways could this be eliminated?

  • How could XML feed technology be used to hunt down these phishers?

    The one thing the Phisher does not expect is to have a honeypot given to them.

    If selected people who received this message were given different honeypots, then it would increase the chances of detection.

    I'd encourage the XML community to see how they can work with law enforcement to create honeypots that end-users can quickly access and provide. If the courts are willing, there could be quite a surprise waiting.

    What's needed is a quick notification system: Both of the arrival of the phishing; and then a quick coordination between law enforcement and the public in providing a coordinated-believable response.

    Alot of energy has been put into Tsunami and earthquake alerts. We've been told it is very easy to do. Why not do the same for online scams?


  • They're going after more than G-Mail. G-Mail phishing may include an alert, and give you a warning what to do.

    Here's a sample of the bogus e-mail and the news release from Feb 05. This has been going on before November in September.

  • What creative ways could this be eliminated?

  • How could XML feed technology be used to hunt down these phishers?

    The one thing the Phisher does not expect is to have a honeypot given to them.

    If selected people who received this message were given different honeypots, then it would increase the chances of detection.

    I'd encourage the XML community to see how they can work with law enforcement to create honeypots that end-users can quickly access and provide. If the courts are willing, there could be quite a surprise waiting.

    What's needed is a quick notification system: Both of the arrival of the phishing; and then a quick coordination between law enforcement and the public in providing a coordinated-believable response.

    Alot of energy has been put into Tsunami and earthquake alerts. We've been told it is very easy to do. Why not do the same for online scams?


    " />