Tracking down and stopping "phishing emails"

Best way to start tracking and stopping "phishing emails".

Should I deploy a third-party solution like Postini to start?

Should I block the IP address that phishing emails are coming from?
cogit Asked:

r-k Commented:
Are you asking for yourself, or for your organization?

For yourself, a good junk/spam filter combined with some fine-tuning of that same filter should help a lot.
People have praised Postini, though I don't use it myself. I get good results with just the junk filter that is included with Outlook 2003.

Some more suggestions in these threads:

 http://www.experts-exchange.com/Miscellaneous/Q_21501727.html
 http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21591759.html
 http://www.experts-exchange.com/Applications/Email/Q_21136864.html
 http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21321236.html

graemeboro Commented:
From a corporate point of view you can look at a couple of good products:

SurfControl Email filter sits on your gateway and this is a good solution: www.surfcontrol.com

MIMESWEEPER is another good email filter product which I have used.  www.clearswift.com

You can subscribe to real-time blacklists, although these rely on the provider keeping them up to date. As r-k said, Outlook 2003 offers a good filter solution.

Hope this helps.  If you want to know more about these two products let me know.

Graeme
Rich Rumble (Security Samurai) Commented:
It's an uphill battle, and phishers are changing their tactics all the time. Currently all you can do is look for blackhole lists, and have emails and IMs inspected for alternate characters. With cross-site scripting exploits on the rise, you can even fool the "real" site into thinking the link is legit:
http://www.infoworld.com/article/05/12/05/HNebaytricked_1.html?source=rss&url=http://www.infoworld.com/article/05/12/05/HNebaytricked_1.html
When one of the biggest fraud and phishing investigative teams is even fooled (eBay), you just have to shudder...
http://www.antiphishing.org/
http://www.antiphishing.org/consumer_recs.html

Bruce Schneier is one of the foremost security practitioners in the world ( http://schneier.com/blog/ )
http://www.wired.com/news/politics/0,1283,69076,00.html
http://www.schneier.com/blog/archives/2005/12/new_phishing_tr.html (can't trust that padlock)
http://www.schneier.com/blog/archives/2005/10/scandinavian_at_1.html (very sneaky... no toolbars for that, no black-hole list for a 0-day attack)
http://www.schneier.com/blog/archives/2005/10/phishing_withou.html
http://en.wikipedia.org/wiki/Phishing
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
http://en.wikipedia.org/wiki/Phishing#Anti-phishing_2

Again, it's a threat that is not easy to combat. Security is a Process, not a Program. I'd just about forget about tracking down the original sources of phishing emails and/or IMs, as spoofing the email headers is trivial, and even if not forged, the email likely came from a "bot" or a compromised "zombie" computer; that zombie's owner would know nothing about how they were hacked, and would likely be found to be innocent of any wrongdoing.

Educating users about how harmful the internet is, and how easy it is for people to fall victim, as well as how easily impersonation can be done, is paramount. Asking for help and verification should also be instilled into your users. If they are unsure what to look for, or if they think something is suspicious, they should ask the question, rather than err on the side of convenience. You should still employ all the resources you can to help protect your users, but it can really boil down to "gullibility" or users being too trusting of the internet and the people they interact with on the internet. I'm not sure we can answer the question anytime soon completely; again, it's an ever-changing threat that you have to keep up with and research...
-rich
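
An added example (not part of the post above or of any product named in this thread): one way a gateway filter could inspect the links in an HTML message for alternate characters, flagging hostnames that contain non-Latin letters and links whose visible text names a different host than the href. The function names and the sample message are constructed for illustration.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname of url, punycode (xn--) labels decoded; '' if unparsable."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    try:
        return ".".join(l[4:].encode("ascii").decode("punycode") if l.startswith("xn--") else l
                        for l in host.split("."))
    except UnicodeError:
        return host  # undecodable punycode: keep the raw hostname

def inspect_links(html_body):
    """Return (href, reason) findings; scripts come from Unicode names (LATIN, CYRILLIC)."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in host if c.isalpha()}
        if scripts - {"LATIN"}:
            findings.append((href, "non-Latin letters in hostname: " + host))
        # Visible text that looks like a hostname should match where the link really goes
        shown = host_of(text if "://" in text else "//" + text)
        if "." in shown and " " not in shown and shown != host:
            findings.append((href, "text shows %s, href goes to %s" % (shown, host)))
    return findings

# Constructed sample body, not a real message; the second host has U+0430 in place of Latin a.
SAMPLE = ('<a href="http://203.0.113.7/login">www.example.com</a> '
          '<a href="http://ex\u0430mple.test/">Sign in</a>')
```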
