or how to stop your resources being used by phishers!
An attacker will use a number of different resources when performing a phishing attack. Typically, this will include a “bot net” of compromised PCs to send out the phishing emails and a compromised web server (or just a phishing-friendly server) to host the phishing site. But they could also use resources from your website!
In order to make the phishing emails appear more authentic, an attacker will typically include logos and other images from the targeted organisation. However, they may not use images directly from the targeted organisation’s website. Instead, they will search the internet for common file names, such as bank_logo.gif, paypal.jpg and so on. You can see examples of these in the Real Time Phishing Site Monitor.
Another technique to make phishing emails appear more authentic is to include a signature. Typically, these files are called signature.gif. Google, or other search engines, can be used by an attacker to quickly locate these. For example, just use Google’s image search facility to look for inurl:signature.gif filetype:gif to find suitable resources. If you find yours, then you can expect to be “promoted” to security manager at a leading bank, with lots of emails being sent out in your name in a pretty short time!
A simple technique to stop your resources being used is to give your images non-obvious names: instead of calling your file signature.gif or paypal.jpg, call it image0001.gif or IM456-01.jpg. It also makes life a bit harder for the phishers.
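As an added example (not code from the original post), here is a small Python script that applies that advice to a web root: it flags image files whose names are easy to find with a search engine (signature, logo, brand words), plans random non-obvious replacements that keep the extension, and rewrites the src/href references in your HTML so pages keep working. The file list and the list of predictable terms are constructed for the demo; extend the term list with your own brand names.

```python
import re
import secrets
from pathlib import PurePosixPath

# Constructed sample of image paths as they might sit in a web root (not from the original post).
SAMPLE_FILES = [
    "images/signature.gif",
    "images/bank_logo.gif",
    "images/paypal.jpg",
    "images/IM456-01.jpg",     # already non-obvious, should be left alone
    "images/header_2019.png",
]

# Name fragments that make a file trivially discoverable via image search; add your brand terms here.
PREDICTABLE_TERMS = ("signature", "logo", "bank", "paypal", "header", "footer")

def is_predictable(path):
    """True if the file's stem contains a term an attacker is likely to search for."""
    stem = PurePosixPath(path).stem.lower()
    return any(term in stem for term in PREDICTABLE_TERMS)

def obscure_name(path, token):
    """Replace the stem with an opaque token, keeping directory and extension."""
    p = PurePosixPath(path)
    return str(p.with_name(f"img-{token}{p.suffix}"))

def rename_plan(files, token_fn=lambda: secrets.token_hex(4)):
    """Map each predictable file name to a fresh non-obvious one; other files are untouched."""
    plan, taken = {}, set(files)
    for path in files:
        if not is_predictable(path):
            continue
        new = obscure_name(path, token_fn())
        while new in taken:                 # avoid colliding with existing or planned names
            new = obscure_name(path, token_fn())
        taken.add(new)
        plan[path] = new
    return plan

# Matches src="..." / href='...' attributes so references can follow the renamed files.
HTML_REF = re.compile(r'(src|href)=(["\'])([^"\']+)\2', re.I)

def rewrite_references(html, plan):
    """Point every src/href at its renamed target; unknown targets pass through unchanged."""
    def swap(m):
        attr, quote, target = m.groups()
        return f"{attr}={quote}{plan.get(target, target)}{quote}"
    return HTML_REF.sub(swap, html)

if __name__ == "__main__":
    for old, new in rename_plan(SAMPLE_FILES).items():
        print(f"{old} -> {new}")
```

Run the plan against your real file list, apply the renames with the mapping it returns, and pass the same mapping through rewrite_references for each page; any copy already cached by a search engine will expire on its own once the old URL returns 404.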