With all the recent talk about phishing on ZombieNexus, I thought I'd share what I know about it and some useful resources.
The best place to go for information on phishing is APWG (the Anti-Phishing Working Group). They have up-to-date info on current and past phishing scams, as well as a phishing scam submission engine.
As the rule goes, prevention is better than cure. So the idea is not to receive the phishing emails in the first place. Phishing is basically a very evil and illegal form of SPAM, so you need to apply similar technologies or methods to prevent it. If you receive a lot of SPAM, maybe it's time to get a new email address. General rules for preventing SPAM:
- Don't give your email address out easily, only when absolutely necessary
- Have a separate account for things like forums, registered access only sites and for when you have to give your address to download something
- Don't use the above account for purchases
However, no matter how hard you try, you will get SPAM sooner or later. Web-mail providers like Hotmail and Yahoo provide pretty good junk mail (SPAM) filters; Google's Gmail goes one better and also has a phishing reporting tool. Many ISPs may provide SPAM filtering too, but it often has to be turned on in your account settings, so contact them or look at their support pages for more information.
You can also install a local SPAM filter. These won't save your bandwidth, so if you receive SPAM you will still have to download it from the mail server and let your local SPAM filter take a look at it, but it will help by classifying anything that gets to your mailbox as SPAM or not. I have used a few over the years. There are many FREE ones out there, so have a good look around. These ones I have used and seem to work OK:
Netcraft produce an Internet Explorer and Firefox Anti-Phishing toolbar. This seems to work pretty well, and also allows you to report phishing attempts. I've also heard that Netcraft reward the reporting of new scams with things like mugs and t-shirts which is a nice little incentive.
This will certainly help in the meantime while the browser makers try to implement their own, more robust built-in systems. I know Internet Explorer 7 will definitely include quite a bit of anti-phishing technology, and I expect future versions of Firefox will too. Opera already has some anti-phishing technology built in, but I expect Opera to make it more sophisticated as time goes on and the phishing gets worse.
You can also report phishing scams directly to several organizations. Generally you can forward the emails to the APWG, but most big companies like eBay and PayPal have email addresses for scam reporting too.
Finally, if you want to know more about phishing, there's a very in-depth article on it at HoneyNet. I warn you that it's long and quite in-depth, but it's very detailed and useful if you want to understand phishing better.