
> I should probably publish this document at some point

I'd be interested in seeing it. It sounds like a pretty good idea. It's incredible to me how effective even the worst phishing email/sites are and to me that's an indication that not enough is being done to point out clear warning signs to users.

> Phishing sites themselves are all over the place and working with hosting abuse teams to take them down is a gargantuan task. Working with a shortener who's linking to it to take it down would prevent every recipient of the message from being duped.

The URL shorteners can be the worst. They don't seem to care who creates a link to something, and don't do even basic checking of what's at the other end. You'd think a person creating a link to yet another URL shortener would set off major flags, but they don't seem to care.

Same with survey/form sites that keep being hijacked for phishing purposes. They don't bother with even basic checking for scams either. If someone creates a form with a password field that'd be easy to flag for review, but it doesn't happen. I can report a bunch of identical phishing sites that were created with URLs like:

random_form_builder_site.com/targetcompanyname001

random_form_builder_site.com/targetcompanyname002

random_form_builder_site.com/targetcompanyname003

and while they'll generally take them down, they'll do nothing to prevent:

random_form_builder_site.com/targetcompanyname004

random_form_builder_site.com/targetcompanyname005

random_form_builder_site.com/targetcompanyname006

from being created. Not checking for targetcompanyname in the URL of new forms/surveys, and not bothering to check to see if the 12 new sites someone just created are identical to the last 12 they were asked to disable.

Anything that can be done to help make those sites less attractive to users before they even click the link in the email they got would really help.
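
The creation-time checks the comment above asks of form builders, sketched as an added example (not part of the thread and not any real service's code). The brand watch list, function names and sample forms are constructed assumptions.

```python
import hashlib
import re

# Hypothetical watch list of brand names reported as phishing targets (constructed).
PROTECTED_BRANDS = {"targetcompanyname"}


def fingerprint(html: str) -> str:
    """Hash the form markup with digits and whitespace stripped, so clones
    that differ only by a counter or by spacing produce the same value."""
    normalized = re.sub(r"[\d\s]+", "", html.lower())
    return hashlib.sha256(normalized.encode()).hexdigest()


def review_reasons(slug: str, html: str, disabled_fingerprints: set) -> list:
    """Return the reasons a newly created form should be held for review."""
    reasons = []
    # Drop digits and separators so "target-company-name-007" still matches.
    slug_key = re.sub(r"[^a-z]", "", slug.lower())
    if any(brand in slug_key for brand in PROTECTED_BRANDS):
        reasons.append("brand-in-url")
    if re.search(r"<input\b[^>]*\btype\s*=\s*[\"']?password", html, re.I):
        reasons.append("password-field")
    if fingerprint(html) in disabled_fingerprints:
        reasons.append("clone-of-disabled-form")
    return reasons


# Constructed sample data: one form already taken down, two new submissions.
TAKEN_DOWN = '<form><h1>Sign in 003</h1><input type="password" name="p"></form>'
DISABLED = {fingerprint(TAKEN_DOWN)}

NEW_CLONE = '<form><h1>Sign in 004</h1>\n <input type="password" name="p"></form>'
NEW_SURVEY = '<form><h1>Lunch poll</h1><input type="text" name="choice"></form>'

if __name__ == "__main__":
    print(review_reasons("targetcompanyname004", NEW_CLONE, DISABLED))
    print(review_reasons("team-lunch", NEW_SURVEY, DISABLED))
```

A non-empty result is meant to queue the form for human review rather than block it outright, since legitimate forms can contain a password field or mention a brand.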



I’ll see if I can dig up my original and convert it into a blog post.



