Comments on: What companies can do to avoid phishing scams https://www.brandonchecketts.com/archives/what-companies-can-do-to-avoid-phishing-scams Web Programming, Linux System Administation, and Entrepreneurship in Athens Georgia Sun, 07 Jan 2007 15:40:09 +0000 hourly 1 https://wordpress.org/?v=6.9.1 By: Brandon https://www.brandonchecketts.com/archives/what-companies-can-do-to-avoid-phishing-scams/comment-page-1#comment-11 Sun, 07 Jan 2007 15:40:09 +0000 http://www.brandonchecketts.com/archives/23#comment-11 After being torn apart on a comment I posted on Michael Sutton’s blog that I referenced, I was torn apart there.

Nick pointed out this Washington Post article
https://blog.washingtonpost.com/securityfix/2006/08/using_images_to_fight_phishing.html
that explains that e-Gold actually did this for some time (not sure if they still do). After reading the Washington Post article, I think that the targets may
have more to gain by letting the phishers continue to link to their images. At least that way they can identify the ‘unprofessional’ phishers and work to shut them down.

Since most phishing attacks end up sending the user back to the legitimate site, I think the idea of checking the referrer at that point against a list of known phishing sites still has some merit. Even if the referrer is a known
redirector, it could still raise flags. This could potentially alert the legitimate user that their personal information may have been stolen, or deny large withdrawls from the user’s account until the customer’s identity has been further verified.

]]>