February 24, 2005

Random phishing news

Over in the phishing department, Simon pointed to a new payments blog that seems to cover phishing as well.

A company called Corillian has a 'rule base' system that analyses a company's data to see if they or their customers are getting phished (hmmm.... lost the link. They claim 90% success rate; for now, that is. Short terms solutions like these are probably necessary until the infrastructure is in place to deal with phishing where it most happens, but we shouldn't be fooling ourselves that these are any more than bandaids.

I briefly wandered by the Anti-phishing Working Group's site to see what's new in the war on phishing, and nothing much there. And, I mean nothing - there are lots of teasers, but no information. There are a lot of logos there, however, and this confirms my suspicion of the APWG as a sales forum. Their value-added is to collect all the vendors of phishing solutions for you in one place, and their value-added for vendors is to collect all customers together! My advice to any financial institution looking for help is to do your own research. You will have to anyway.

Addendum: See Phishing Club: An Addict/Enabler Nest?

Posted by iang at February 24, 2005 11:18 AM | TrackBack

We just published an article at Email Battles that came to a similar conclusion on the Anti-Phishing Working Group. You beat us by 9 months, but we had a catchier title:

Phishing Club: An Addict/Enabler Nest?

Nice work.

Posted by: BJ Gillette at November 1, 2005 09:56 PM

Thanks! You got the email wrong but I fixed it in the blog. I am told that the APWG does work hard to spread the information. But unfortunately, I have to agree that it remains infected with suppliers and purchasers and that salivating market place destroys any chance of good information being supplied.

For my money, you'll find much better information over at the anti-fraud-coffee-room:


There, we collect serious researchers together and battle out each other's proposals. It's an open forum, and commercial activity is treated rudely; which means that the participants are focused on protecting users, not phishing their wallets.

Posted by: Iang at November 2, 2005 05:40 AM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.