Flushing Phishing
Seems to me the answer to the problem is simple: ISPs should be proxying known phishing sites. I’d make it an “opt-out” toggle, as only people know know what they’re doing would be crazy enough to actually want to view a known phishing site. That’s the key: being able to identify a phishing attack. I suppose this has proabably been done before, but I haven’t seen a widespread deployment of such a service (which should be free, IMHO).
Certainly, it shouldn’t be a browser’s or plugin’s responsibility – as connectivity is the lowest common denominator. I’ve got the Phishing setting toggled “on” in my OpenDNS configuration, largely because I don’t want Ponzi to be phished when I’m not around. This way, I’m protecting all the systems on my home network – not just the ones that have been upgraded to the latest browser configuration. Phishing should NOT be a problem anymore.
For more information, there’s Nigerian 419 Scams, Phishing And Vishing Fix, Phishing Season, Vishing, and Identity Theft.
What's your #1 source for Internet needs? GoDaddy has new domain names, transfers and renewals as low as $1.99. Plus, check out their hosting plans, Web site builders, secure certificates and much more. Plus, as a listener of The Chris Pirillo Show, enter code CHRIS3 and get your .COM domain name for just $6.95 a year. Get your piece of the internet at GoDaddy!
3 Comments
David
August 4th, 2006
at 11:59am
Chris,
Thanks for the kind words. I think that by building a rock solid DNS platform with the tools to help secure a users’ network we have started to put one of the fundamental pieces of the Internet back into users hands. People should have all the knobs and buttons to decide if they want phishing sites blocked, or botnets refused or spamsites hidden, etc. They have firewalls and anti-spam solutions already, and yet nobody has provided any management of the DNS before.
DNS is fundamental to our online lives and has been a blackbox for too long. ISPs don’t make it a priority which is why we’re going direct to users. I’m glad you like it, let me know if you have any more comments or feedback or ideas or whatever.
-david
Greerso
August 4th, 2006
at 7:41pm
Thanks for turning me on to this incredible service, it works flawlessly, I’ve already updated the office DNS server to forward requests to their server, my home router and my mums router.
Danny
Greg Hughes
August 4th, 2006
at 9:05pm
That’s part of an answer. It’s more complicated, though, and this approach is defensive in posture. What if you could kill the phishing sites before the emails every went out? That’s what we do. Well, that’s what our software does, I should say.
Pre-emption and prevention is the key. Otherwise you’re watching the money (and personal information) walk right out the door. A layered defense is critical, but unfortunately not enough emphasis is typically placed on the prevention side – everyone assumes all you can do is react.
Prevent >> Detect >> Investigate >> Respond
You want to live on the “prevent” end of the continuum as much as possible. As you move to the right, you get more and more victims and spend more and more money to fight the problem.