[73246] in North American Network Operators' Group
Re: Phishing (Was Re: WashingtonPost computer security stories)
daemon@ATHENA.MIT.EDU (Richard Cox)
Tue Aug 17 09:22:46 2004
From: Richard Cox <richard@mandarin.com>
To: nanog@nanog.org
Reply-To: nanog@mandarin.com
In-Reply-To: <200408171205.IAA30140@sigma.nrk.com>
Date: Tue, 17 Aug 2004 13:21:11 +0000 (GMT)
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, 17 Aug 2004 08:05:41 -0400 (EDT)
"David Lesher" <wb8foz@nrk.com> wrote:
| I wonder if the banks have ever considered how they have contributed
| to the problem. If their pages were straight up, no pop-up's, no
| JavaVirus, etc.... it would be far easier to tell their customers:
|
| ==============================================================
| Here is what our page looks like:
|
| The address ALWAYS starts with: https;//www.countrybank.com/...
|
| With a page like this. [graphic image]
| If you have pop-ups, or a different page, stop...
|
| ==============================================================
|
| But of course, that would not be glitzy enough....
No matter how often they told customers that, a sufficient percentage
would ALWAYS be susceptible to the fraudsters' social engineering ...
That feature seems to be hard-coded into the class $customer
--
Richard Cox
