North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: FW: Need some help: IDEAS, Inc.

  • From: Hannigan, Martin
  • Date: Sun Sep 04 00:41:50 2005


> > > this is NOT a good solution, since a successful phish attack
> > > in this case
> > > would look exactly like the official red cross web site.
> >
> > How's that one work?
> 
> One form of DirectNIC's redirection, which the phisher was 
> supposedly using
> (I didn't check myself), uses a <FRAMESET> to hide the 
> redirect inside a
> frame, thereby not showing the real address in the browser 
> without deeper
> inspection.

Understood. If it's being pointed at redcross.org, a known
good guy site, that wouldn't be a problem, would it? It seems
that if the scammer is removed from the operation, it's not really
a problem anymore. 

I'm interested because I think there could be value in a page(s)
on an SP that says "This site terminated due to fraudulent activity"
and pointers to how to not be sucked into these things. 

> Personally, I'd prefer registrar lock myself, as that keeps 
> the distinction
> between scam and non-scam clear. 

Registrar lock is preferred on my part. The redirect idea was
creative. 


-M<