 Dude111An Awesome DudePremium
join:2003-08-04
USA
kudos:10
 ·Time Warner VOIP
| Can You Identify Phishing? Can you tell a real site from a phony one?
Try this test and learn:
»www.mcafee.com/phishing_quiz
I got 5/10 right  |
|
 LanikLab-nikPremium,ExMod 2002-03
join:2001-06-25
Bay Area | Same. Some of them are pretty good or I wasn't looking closely enough. 
--
"If it ain't broke don't fix it." |
|
 amysheehanPremium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
kudos:9
 ·RoadRunner Cable
| reply to Dude111
Got 9/10 correct - missed the URL redirect for myspace - never been there and looked more at the layout and missed the obvious.
--
DSLR Phishtracker |
|
 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7
 ·AT&T U-Verse
| reply to Dude111
9/10. However, I didn't much like it. The information being used to distinguish is of marginal value. Some phish sites are very good and cannot be distinguished in this manner. And even real sites can make grammatical errors on their web pages.
In practice you have other information available that is more reliable - the email headers, the hostname of the web page are examples.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4 |
|
|
|
| reply to Dude111
I got 9/10 right...just missed the SSL wrong...but maybe because I actually read the certificate fully and not just look at the picture.
»www.siteadvisor.com/quizzes/phis···#quiztop |
|
 PortmonkeyMy watch stoppedPremium
join:2004-04-09
Southern IL | reply to Dude111
Missed the Chase Bank and Amazon. |
|
 OwlbetIgnite the IcePremium,MVM
join:2002-09-24
Palmer, AK
1 edit | reply to Dude111
I got 8 out of 10 correct. If I would have taken the time to completely read both pictures, I would have found the grammatical errors on #4 & the logo error on #8. |
|
 psicopMore human than humanPremium
join:2005-12-21
Australia | reply to Dude111
7/10.
Doesn't worry me. I NEVER do any of financial & business transactions online.
I learned how dirty is the Internet with this regards several years ago from one of my ex-flatmates a sys admin at Mincom who also happened to use Knoppix.
Thnx for providing the link, dude111. |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | reply to Dude111
First try. |
|
 Blue2Premium
join:2004-04-14
France
kudos:1 | reply to nwrickert
said by nwrickert:9/10. However, I didn't much like it. The information being used to distinguish is of marginal value. I agree. This test is a terrible way to test security knowledge.
1. "Missing Security Center" link means that it's a phish? (But when my bank changes its SSL login page to a non-SSL page I'm supposed to believe that this is the real site?)
2. "Awkward phrasing" (Hahahaha. I think my bank ONLY hires people for their awkward phrasing.)
3. "Space between end of word and punctuation"? (Yeah, sure, no programmer would ever do that?)
4. "Vague but scary warning." (Huh?)
5. "PayPal Account Department doesn't sound real." (But "PayPal Executive Escalations", a real division, does?)
6. Knowing the name of a phishing scam protects you? (Whether it's called ""Zimbabwean 404" or "Nigerian 419" means nothing. The point is to recognize WHY it is a scam, not its name.)
All this test says to me is that if I were a potential scammer, I should just copy the precise wording from the authentic site or get out my dictionary and 99% of the web users in this world are toast!
I continue to maintain that spelling is a horrible test of authenticity, as the spelling of many of the posts on this forum alone demonstrate. |
|
 SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:5
·RoadRunner Cable
 ·Clearwire Wireless
| I wouldn't go as far as saying that the test is a total disservice to the internet community, but I certainly wouldn't call it a bonafide service either. The test does raise awareness of phish hosts so give it credit for that. Suggesting that visual clues are a legitimate method of determining whether a site is who it claims to be is a disservice to the internet community. The focus needs to be how on to avoid landing on a phish page. Not surprisingly it suggests using it's site advisor for maximum protection. Not surprisingly that's also a disservice to the internet community in the context of determining a sites authenticity. The poor grammar, spelling & malformed phish examples they are using on their test pages occur so infrequently in comparision to the perfectly formed phish hosts we see today that it's a disservice to make them central to the test. The best protection is simple & free. Not clicking a link in an email will provide more protection than visual clues & site advisor combined. Guaranteed. |
|
 John_WPremium
join:2000-04-25
Worcester, MA | reply to Dude111
Well I got them all right, but with the quiz, you knew there was one that was a phish site. So you took the extra time to go over each one. In real life, with no comparison site, would you be able to catch all of these.
The quiz was a bit off because you could not tell the context to which the person got to the site. Was it from an unsolicited email, mistyped website? You also couldn't hold your mouse over links to see if they were legitimately owned by the company you were looking for. That made the quix more difficult.
So in some cases it may be more difficult to figure it out, but in some cases finding out it is a phish site may be easier than the quiz was.
--
Team Discovery--BBR Team Helix |
|
 barqsdrinkerWhat Can I Photograph Today?Premium
join:2001-02-26
Apo, AE | reply to Dude111
I got 8 out of 10; but like most, I didn't care for it, either. What if you don't have an AOL, Amazon, or Capital One account?? Even with the poor phrasing, why would one care about whether or not the site was real - you don't have an account so you know it is fake.
--
Thanks for reading! |
|
| reply to Dude111
YOU ANSWERED 7 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru |
|
Blue2Premium
join:2004-04-14
France
kudos:1
1 edit | reply to Dude111
Yes, DojiStar, in the real world, no one is given two alternatives to choice between and is told that one of them is a phish. A far better test might have been to make ALL the choices phishes, thereby proving how deceiving looks can be.
It might be interesting to get times spent looking at these twenty examples as well as scores. |
|
 yockTFTCPremium
join:2000-11-21
Miamisburg, OH
kudos:3 | reply to Dude111
9 of 10 correct. I've never been a customer of Chase Bank and have never visited their site. |
|
 JohnInSJPremium
join:2003-09-22
San Jose, CA
·PHONE POWER
·Comcast
| reply to Dude111
YOU ANSWERED 9 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru
Missed the Amazon one.
However, my first thought was - ewwue, they're using IE, they must all be phishing attempts
--
My place : »www.schettino.us |
|
 ZaberWhen all are gone, there shall be none
join:2000-06-08
Cleveland, OH | reply to Dude111
9 out of 10 here. I missed the Chase bank one. Then again who says that all professional sites are perfect in their grammar? I was looking more at the page layout and what information they asked for. A real test would have included more information (where the link came from, etc).
--
Give a man a fish and he eats for a day, teach a man to fish and he will feed himself for a lifetime |
|
| reply to Dude111
9/10 here, one i missed was my Bank.  |
|
 swhx7Premium
join:2006-07-23
Elbonia | reply to Dude111
Blue2 and SnowyOne are basically right: the quiz is worthless. But it's actually worse than useless because it teaches people to judge by the wrong criteria.
The most basic thing you need to look at is the URL. It was actually *missing from the picture* in at least one of the questions (I quit at that point). Yes, other clues are important too, but without the URL you can't be sure.
There was another quiz like this with images of emails, asking visitors to spot the phishes. That too was worse than useless: they showed HTML-rendered displays, with all the true URLs behind the links invisible, and the headers not showing. Thus all the relatively reliable indicators of where it came from were missing, and they were effectively training people to rely on superficial appearances instead.
With the amount of effort that's been put into this slick quiz, they could easily have made a good start on teaching people the basic technical facts that would really help them.
The underlying idea seems to be that the public just can't learn anything that involves more text and thinking and less of the colorful pictures. Such idea is stupid and harmful.
'Scuze me for ranting. |
|
