Despite the continued efforts of researchers, security providers and online businesses to discourage phishing schemes and shut down related Web sites, some criminals are still able to flout the system and find ways to keep their illicit operations up and running.
An example of one type of phishing attempt that still manages to frustrate do-gooders appeared online in early November, in the form of a Christmas-themed Web site that mimics the name, look and feel of online auctioneer eBay Inc. in an effort to steal its customers account and password information.
However, unlike the scores of unlawful sites discovered and successfully shuttered by eBay each month, this particular phishing site, which wont be named for the sake of protecting consumers, continues to exist as a nuisance.
At the heart of the problem of taking this phishing site offline is the fact that the ISP and domain registrar responsible for supporting the Web page reportedly hasnt responded to requests from eBay and others demanding that the unlawful operation be pulled from the Internet.
The company that sold the domain name, Joker.com, based in Zug, Switzerland, isnt returning calls seeking information on the Web site in question, which leaves eBay in the unhappy position of being forced to explore other avenues for getting the site offline, the San Jose, Calif., company said.
According to Hani Durzy, a spokesperson for eBay, his company shuts down 80 to 90 percent of the phishing sites it unearths within 48 hours of finding the pages. However, in cases where something like an unresponsive ISP or domain registrar appears as a roadblock, the companys hands can be tied.
Another challenge in stopping this particular phishing scheme is that the fraudulent site appears to be hosted on a number of different computers, potentially without the knowledge of those machines owners if the devices have been infiltrated by some form of virus or malicious program, Durzy said.
“Were good at getting things shut down but were not perfect; some ISPs and other unwitting hosts of spoof sites are beyond even our reach,” he said. “Were doing more than ever to fight this type of thing, but sometimes we strike out when it comes to trying to get these sites shut down. Unfortunately, some of the bad guys are smart too, and from the way this site is hosted it may be almost impossible to block it permanently.”
One of the first people to publicly identify the eBay Christmas phishing site and attempt to make contact with Joker.com was Richi Jennings, a representative for FixingEmail.org, a nonprofit group that works to educate consumers about the dangers of attacks borne by e-mail. Jennings said the site may have been up as early as Nov. 8 and that it has actively moved its host location from day to day.
For instance, Jennings said that as of early Monday, the site in question was hosted on a machine using Time Warner Inc.s Road Runner broadband service in the United States, but he believes it moved to a computer somewhere in China later in the day, making it much harder to locate the sites creators.
Jennings said the site was registered through Joker.com with a bogus e-mail address and it will be tough to bring the operation down until someone at the ISP responds.
“This is a perfect illustration of phishers getting smarter, as the domain registrar is unresponsive to everyone,” Jennings said. “Usually these types of companies are good at responding to phishing and taking down sites, but in this case the company appears to be a black hole, which is really worrying.”
Jennings said the attack looks to have been targeted at U.K. consumers, as he received the original spam e-mail advertising the phishing site in an account bearing a .uk domain address.
The combination of a believable copy of eBays pages with the unresponsive ISP, and launched during the holidays, when more consumers are shopping online than any other time of the year, proves that phishing schemes are still a serious problem, Jennings said.
“The main issue here is that the domain registrar is not doing its job and being responsible,” he said. “If you put yourself in the position of someone who wants to be a successful phisher, youre looking for someone like Joker.com with a reputation for being phisher-friendly … then the people start working that angle until someone stops them.”
Fighting Phishers Through Education
eBays Durzy said the company continues to dedicate the majority of its focus, not to pursuing phishers, but to educating customers about the problem.
The firm is also encouraging users to download its Web browser tool bar, which warns users when they visit sites that appear to be eBay spoofs.
Durzy said the toolbar application successfully denotes the page in question as fraudulent when someone points the browser to the address.
Durzy said eBay also continues to work with law enforcement officials to report and provide information on phishers and other online criminals, to help go after schemers outside the boundaries of the Web.
Some experts contend that the phishing problem will continue to haunt the Web, and high-profile e-commerce players such as eBay, as long as criminals can figure out new ways to dupe consumers and avoid prosecution, or as long as the schemes keep paying off.
Todd Bransford, vice president of marketing for online-security management services provider Cyveillance Inc. of Arlington, Va., said attacks on eBay and large financials institutions still account for a majority of the phishing threats his company tracks, but the firm also sees phishing moving out in new directions.
He said eBay has done a good job of informing and protecting its customers, but he believes that phishers will continue to aim attacks at the auction site and its PayPal division as long as those efforts keep making money.
“Its interesting, we still see a disproportionate number of attacks on eBay and PayPal, even though eBay is being very aggressive against it, as those user IDs are like gold to the criminals,” Bransford said. “But phishers are also moving downstream to credit unions and other financial services companies that might not be as savvy as larger banks, hotels are having more problems with frequent flier programs, and even insurance companies are being phished.”
While he said consumers have become increasingly savvy about avoiding the fraudulent sites, in part through the customer education efforts of eBay and other frequent targets, Bransford said he sees other problems emerging in the phishing arena, including a growing number of spyware applications loaded onto peoples computers by the sites.
“Phishing is moving cross-industry, perhaps because people have gotten smarter, but its moving into new areas all the time,” he said. “In cases such as this where the criminals have figured out some way to keep their site up longer, you only wonder how many people will get tricked.”