
Castlecops Celebrates Five Years of "Phighting" Phish

Created: 06 Feb 2007 08:00:00 GMT • Updated: 23 Jan 2014 18:52:52 GMT
Zulfikar Ramzan

Castlecops, a volunteer-run organization that has made tremendous waves in fighting phishing, announced a sweepstakes to celebrate their five-year anniversary. A number of security vendors, including Symantec, have contributed prizes to the contest. In addition, Castlecops receives a list of verified phishing sites from Symantec through the Phish Report Network.

For those who don’t know, Castlecops runs the Phish Incident Reporting and Termination (PIRT) task force. If you find a legitimate phishing site and report it to them, Castlecops does the leg work to help take the site down before it does additional damage. In addition, they collect information to work with law enforcement. If the phisher has stored stolen credentials (e.g., passwords, credit card numbers, bank account numbers, social security numbers, etc.) directly on the Web server that he or she compromised, then there is a chance that a swift takedown can keep those credentials from causing the victim financial harm.

Site takedown can be a fairly elaborate process. First, you may be dealing with sites that are hosted in different parts of the world, so you have to overcome language and communication issues. Second, in order to talk to the right people, you have to have good relationships with Internet service providers and Web hosting companies. Third, it’s important to keep in mind that phish sites sometimes host malicious software, so you have to be careful that the machine you are using also does not get infected with a virus. If it does get infected, you should have an environment that can contain the damage.

Also, in conjunction with a single site take down, it’s important to look through the directories to see if multiple phishing sites are hosted on the same server. This situation happens surprisingly often. Sometimes, you can find the actual phishing kit used in the attack, and this information can prove valuable in preventing phishers from retrieving the information they have stolen. (For example, some phishers use an email address as a “drop” where stolen credentials are sent – if the email is from a free provider, that provider can potentially be contacted.) On top of that, one has to keep track of any information that might be helpful to law enforcement.

As you can see, doing takedowns can be hard work, and there are a number of subtleties. It’s very laudable that Castlecops has sustained its ability to provide volunteer services. They have probably saved individual victims (and potential victims) literally millions of dollars. Their acts shift the economic balance of phishing attacks – if we can shift the balance even more and make it unprofitable for phishers to carry out their actions, then we’ll help eliminate the phishing problem. Please join me in congratulating Castlecops on their five-year anniversary and in wishing them good luck in the future! If you'd like more information, please visit the Castlecops Web site.