Home page logo

webappsec logo WebApp Sec mailing list archives

RE: Phishing
From: "Griffiths, Ian" <Ian.Griffiths () liv-coll ac uk>
Date: Wed, 12 May 2004 17:26:20 +0100

Some good ideas there Rogan.  I to feel educating users is a large part of this but how far can you go?  Consider this 
(ficticious) URL:
https://secure.bank.com:/logon/12345 () nefarious fraud net/
Fairly easy to set up, completely compliant with protocol, starting with the right thing, looks genuine to the 
untrained eye and yet completely unscrupulous.  I've actually seen something similar in the wild and I'm completely 
sure it works, spotting this takes more than a passing exposure to knowledge of URL composition.

        -----Original Message----- 
        From: Rogan Dawes [mailto:discard () dawes za net] 
        Sent: Wed 12/05/2004 13:59 
        To: Griffiths, Ian 
        Cc: Amit Sharma; webappsec () securityfocus com 
        Subject: Phishing

        Make the site name as short as possible, and as obvious as possible, to
        reduce confusion. Rather than "www{1,2,3,4,5,6,7,8,9}.encrypt.bank.com",
        try to use something short and simple like "secure.bank.com", and use it
        consistently for all servers supporting a particular application. That
        way there is less confusion for users, and less likelihood that a
        scammer will get away with using a slightly different domain name.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]