Can You Identify Phishing? in Security http://www.dslreports.com/forum/r18748749 en Mon, 22 Mar 2010 00:05:12 EDT Mon, 22 Mar 2010 00:05:12 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18789844 MeanPeepsSuk : It does seem to be gone. Wonder why? They still have a page up about the quiz here: »blog.siteadvisor.com/2007/07/phi···in.shtml

but the links on it to the actual quiz just auto-forward to the home page with no explanation.

Kind of strange...... ]]> http://www.dslreports.com/forum/remark,18789844 Wed, 01 Aug 2007 13:16:50 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18789580 Blue2 :
said by vircotto See Profile :

The phishing quiz seems to have disappeared. I wonder why....
You mean like putting up two fake Amazon sites and two fake Chase sites and asking you to choose which one is the real one?

That sound you hear is them tripping over the tail between their legs as they head for cover.]]> http://www.dslreports.com/forum/remark,18789580 Wed, 01 Aug 2007 12:34:42 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18789387 jabarnut : Hmmm.....maybe you downloaded SiteAdvisor and it's blocking it's own quiz? :D (j/k)

I don't see it in the original link anymore either.
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,18789387 Wed, 01 Aug 2007 12:07:57 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18789331 vircotto : The phishing quiz seems to have disappeared. I wonder why.... I can still access some of the images, but the quiz appears to be vapor.]]> http://www.dslreports.com/forum/remark,18789331 Wed, 01 Aug 2007 12:00:18 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18779792 Dude111 : Congrats on getting 8 right!

Im kinda sad i only got 5 :D (I thought i was IDing stuff well)]]> http://www.dslreports.com/forum/remark,18779792 Mon, 30 Jul 2007 23:58:27 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18776985 wolfdragon01 : YOU ANSWERED 8 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru

I missed the Bank of America and paypal questions 3 and 6 on their list. Thankfully I do not not use their services. . .]]> http://www.dslreports.com/forum/remark,18776985 Mon, 30 Jul 2007 16:32:41 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18774420 Blue2 :
said by jabarnut See Profile :

Like I said earlier, there are a lot of different ways to scam people....some are just a lot better at it than others. ;)
Well said.

"Yes, as through this world I've wandered
I've seen lots of funny men;
Some will rob you with a six-gun,
And some with a fountain pen."
PRETTY BOY FLOYD (Woody Guthrie, 1939)

Instilling insecurity is big business with a capital "B", and the unsuspecting are just as likely to fall for those licensed scams as they do for phishes. ]]> http://www.dslreports.com/forum/remark,18774420 Mon, 30 Jul 2007 09:43:14 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18774379 rolande :
said by russotto See Profile :

Umm, how are you going to do that? I could probably get a few suckers to install my root CA into their browser, but no one with any security savvy is going to do it.
Not difficult at all to do. All you need is a script to execute that drops the file and makes the registry update.

said by russotto See Profile :

If you can get a trojan in, you don't need a proxy or a root certificate or any such thing. Your trojan can just pull the data out in the clear before encryption or after decryption, and send it wherever you like.
Doesn't work that way easily if you need real-time activity recorded. Much easier and incriminating to see the traffic on the wire.
--
Ignorance is temporary...stupidity lasts forever!

»www.thewaystation.com/
»blog.thewaystation.com/]]> http://www.dslreports.com/forum/remark,18774379 Mon, 30 Jul 2007 09:35:09 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18774300 jabarnut : I still get a big kick out of the fact that even when you're an amazing "Safety Guru" who can "answer 10 out of 10 questions correctly", and have a "practically clairvoyant knowledge of the Web", that they still follow it up by telling you to not let scammers fool you.

Furthermore, SiteAdvisor can help protect your identity by warning you before you visit a risky site.

All of this amazing protection for the low, low, price of $49.99.

Of course, for someone as knowledgeable as a Safety Guru, the obvious and most logical thing to do would be to get the "3-user family pack" for a mere $19.99.

Heck, not only do you "save" an incredible $30.00, but those poor unsuspecting family members who aren't gifted enough to have that same "clairvoyant knowledge of the Web" that you do, will finally have a wonderful sense of security and piece of mind.

Like I said earlier, there are a lot of different ways to scam people....some are just a lot better at it than others. ;)
--
I had a life once.....now I have a Computer and a Modem.]]> http://www.dslreports.com/forum/remark,18774300 Mon, 30 Jul 2007 09:19:06 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18773589 PeeWee : 9/10
Doc1.zip 19,380 bytes
(Doc1.docx)
]]> http://www.dslreports.com/forum/remark,18773589 Mon, 30 Jul 2007 03:23:52 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18773422 supergirl : I thought both Amazons were fake (the URLs looked weird) but went totally by the login screen so got 10/10.

Personally, I think PayPal itself is a scam.

Anyone sending me email with weird stuff, I delete. The Nigerian one has been around forever.

MySpace has made it difficult to check scams since everything starts with a "mslinks..." url. Their ads have all kinds of scams themselves. :uhh:

The tip: never login to a site unless you personally typed the URL yourself. I do have a personal page with all my finance links on my computer (a local webpage) so it's done for me.
--
Saving the world keeps me busy. However, I find Earth very primitive from my home planet of Krypton.
-Supergirl

Security
]]> http://www.dslreports.com/forum/remark,18773422 Mon, 30 Jul 2007 02:00:44 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18770772 Link Logger :
said by aefstoggaflm See Profile :

Which is the authentic Amazon site?
Both of the Amazon sites are fake and I posted the reasons earlier in the discussion.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool]]> http://www.dslreports.com/forum/remark,18770772 Sun, 29 Jul 2007 16:47:59 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18770699 slash616 :
said by twcx95 :

10 out of 10. It wasn't hard at all. It would have been even easier if we had some context. That is, how the user arrived at the webpage. That is all not to mention, except for the first question, we never get to see any info regarding the url of the webpage.
I think they were trying to point out that you shouldn't even rely on the URL alone. IIRC, there have been URL encoding/XSS vulnerabilities in the past that even comes from a valid URL, but the arguments passed in the URL allow injection or worse, a retrieval of a third party site. (10/10 btw)]]> http://www.dslreports.com/forum/remark,18770699 Sun, 29 Jul 2007 16:36:27 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18770599 IllIlIlllIll : i had no problem answering the questions in less than 5 minutes.
]]> http://www.dslreports.com/forum/remark,18770599 Sun, 29 Jul 2007 16:14:28 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18770333 SnowyOne :
said by aefstoggaflm See Profile :

Is there a way to get the right answers, without taking the test again?

Rob See Profile posted this in the news
»cache01.ae1.net/8c985935a22567f0···8fcc.jpg]]> http://www.dslreports.com/forum/remark,18770333 Sun, 29 Jul 2007 15:05:46 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18770091 aefstoggaflm : 8 out of 10 correct. :)

The ones that I got wrong were..

Which is the authentic Bank of America site?

Which is the authentic Amazon site?

----

Is there a way to get the right answers, without taking the test again?

[EDIT] I hope someone finds a way to get the McAfee SiteAdvisor Plug-in for Firefox, but from addons.mozilla.org :uhh:

--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.]]> http://www.dslreports.com/forum/remark,18770091 Sun, 29 Jul 2007 14:10:14 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18769881 jdong :
said by russotto See Profile :

But I can just as easily create and sign my own certificate with my own Root CA and trick you into loading my Root certificate into your browser.


Umm, how are you going to do that? I could probably get a few suckers to install my root CA into their browser, but no one with any security savvy is going to do it.

That's the point -- security savvy people don't fall for this. However, from unscientific observatons I'd be willing to say 60% or more of the "average population" will click through an invalid certificate warning without a second thought -- or thinking how the f**** do I turn off this stupid annoying alert?
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18769881 Sun, 29 Jul 2007 13:30:41 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18769772 russotto :
But I can just as easily create and sign my own certificate with my own Root CA and trick you into loading my Root certificate into your browser.


Umm, how are you going to do that? I could probably get a few suckers to install my root CA into their browser, but no one with any security savvy is going to do it.

All you need to do is drop a nice little trojan that adjusts the browser's proxy settings and adds your own Root CA certificate and with the right proxy product you can start capturing any and all SSL traffic from that client in the clear and they will not know the difference.

If you can get a trojan in, you don't need a proxy or a root certificate or any such thing. Your trojan can just pull the data out in the clear before encryption or after decryption, and send it wherever you like.]]> http://www.dslreports.com/forum/remark,18769772 Sun, 29 Jul 2007 13:07:47 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18769226 nasadude : I never click on links in emails, even from financial institutions I do business with - I enter what I know to be the correct web address directly, then navigate where I need to go.]]> http://www.dslreports.com/forum/remark,18769226 Sun, 29 Jul 2007 11:09:28 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18769205 jsimmons : 10 out of 10... Surprised myself :). I thought surely I'd miss one or two. A few were pretty tricky.
--
"Everything should be made as simple as possible, but not one bit simpler." - Albert Einstein ]]> http://www.dslreports.com/forum/remark,18769205 Sun, 29 Jul 2007 11:06:18 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18769176 rolande :

YOU ANSWERED 10 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru

Nice work! Your practically clairvoyant knowledge of the Web allows you to spot even the most realistic looking spoofed sites. We're impressed!


I agree with nwrickert See Profile. The information provided was of marginal value to determine site spoofing or not. In a real situation you have a lot more info available to you.

The SSL certificate question is a red herring. SSL certificates signed by a trusted Root CA that match the domain name and company name you are attempting to communicate with provide a level of trust. But I can just as easily create and sign my own certificate with my own Root CA and trick you into loading my Root certificate into your browser.

The potential for "man in the middle" attacks for SSL are scary. I can see it as the next BIG backdoor for authorities to find out what someone is doing in real-time for tracking/monitoring purposes. This capability to transparently unlock SSL has been around for just over a couple years now.

All you need to do is drop a nice little trojan that adjusts the browser's proxy settings and adds your own Root CA certificate and with the right proxy product you can start capturing any and all SSL traffic from that client in the clear and they will not know the difference. Heck, with law enforcements power, all they need to do is drop an SSL proxy transparently inline with a particular users traffic at their ISP and they have the keys to the kingdom.
--
Ignorance is temporary...stupidity lasts forever!

»www.thewaystation.com/
»blog.thewaystation.com/]]> http://www.dslreports.com/forum/remark,18769176 Sun, 29 Jul 2007 11:00:01 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18769070 antiserious :
"YOU ANSWERED 10 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru

Nice work! Your practically clairvoyant knowledge of the Web allows you to spot even the most realistic looking spoofed sites. We're impressed!"

There was one guess in there, but some should have been obvious enough to raise flags for most everybody.

--
"Burn the land and boil the sea
You can't take the sky from me "
]]> http://www.dslreports.com/forum/remark,18769070 Sun, 29 Jul 2007 10:33:28 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18768990 Straphanger : I got 9/10...screwed up on the BoA one.]]> http://www.dslreports.com/forum/remark,18768990 Sun, 29 Jul 2007 10:07:26 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18768065 madylarian : I got 10 out of 10 and I don't need Site Advisor to tell me to look at the actual url in a link.

mady
--
Honi soit qui mal y pense]]> http://www.dslreports.com/forum/remark,18768065 Sun, 29 Jul 2007 01:32:30 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18767272 mvdu : I got 8/10 correct.

Missed the PayPal question. I go there, but didn't remember the security center link. I also got the name of the other scam wrong. I can't believe I hadn't heard the name.]]> http://www.dslreports.com/forum/remark,18767272 Sat, 28 Jul 2007 22:31:09 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18767245 tmaertin : 9/10 - i missed the capital one question as well - both seemed phishy to me. i find myself muttering "whats in your wallet" to no one in particular...
--
Hike up your skirt a little more, and show your world to me.]]> http://www.dslreports.com/forum/remark,18767245 Sat, 28 Jul 2007 22:24:39 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766642 thxmed : I got all ten answers correct too easy]]> http://www.dslreports.com/forum/remark,18766642 Sat, 28 Jul 2007 20:12:16 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766610 RoundTuit : Lucky, I guess.
]]> http://www.dslreports.com/forum/remark,18766610 Sat, 28 Jul 2007 20:06:11 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766272 MrMoody : 10/10 first try. ]]> http://www.dslreports.com/forum/remark,18766272 Sat, 28 Jul 2007 18:49:33 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766198 Squirrelly : 9 out of 10

I agree the test is not a fair way to judge a fake site but I will help some people. I have my site booked marked that I shop at so no worries there. I think the best way to tell fake site is by the URL
--
I bitch. People listen!!]]> http://www.dslreports.com/forum/remark,18766198 Sat, 28 Jul 2007 18:31:37 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766154 MarkAW : Aren't these like the same questions they had a couple years ago.

YOU ANSWERED 10 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru]]> http://www.dslreports.com/forum/remark,18766154 Sat, 28 Jul 2007 18:21:59 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766139 schipperke : McAfee SiteAdvisor Phishing Quiz
YOU ANSWERED 10 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru

The ones that let you see the URL are not hard, some were tricky though]]> http://www.dslreports.com/forum/remark,18766139 Sat, 28 Jul 2007 18:19:06 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18766046 stevesa : FWIW

YOU ANSWERED 10 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru :)]]> http://www.dslreports.com/forum/remark,18766046 Sat, 28 Jul 2007 18:01:13 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18765779 jdong :
said by Phished_out :

- Got Six out of Ten for the test.

I still think SSL is pretty safe, regardless of what they want to say. What is SSL anyway? Super safety locks? Oh, wait - Secure Socket Layer. It's meant to prevent people from listening in on the data transfer you're using. Thought I'd double check SSL in case I was wrong, but :

- »en.wikipedia.org/wiki/Transport_···Security
The point the test was trying to make, is, I can register a site like "www.amazon.com.haha.this.is.fake.com", and buy a signed certificate for this site, and when you visit it, you'll get SSL and a padlock that shows this site is verified....

Signed SSL means
(1) Your transmission is secure (err let's save that argument for another day) from you to the server and back.
(2) The server you are visiting is certified by a trustworthy authority to be the one it claims to be.

It doesn't say anything like "this is an authentic bank" or those things. You still have to check the URL for validity, and so on.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18765779 Sat, 28 Jul 2007 17:07:07 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18765765 anon : - Got Six out of Ten for the test.

I still think SSL is pretty safe, regardless of what they want to say. What is SSL anyway? Super safety locks? Oh, wait - Secure Socket Layer. It's meant to prevent people from listening in on the data transfer you're using. Thought I'd double check SSL in case I was wrong, but :

- »en.wikipedia.org/wiki/Transport_···Security

I have never visted any of the websites (Myspace, Capitol 1, etc. etc.) except Amazon and the first rule of thumb for checking emails is to see who the sender is (before you open it). Though the point of phishing scams is to trick you into giving your info away, I felt this test was pointed in such a way as to make you fail a few questions. I'm not paranoid enough to pass them all, I guess.

Do you open emails that aren't from anyone/institution you don't know or frequently use? You should be ashamed of yourself, then.
I don't have a paypal account. Why would I receive an email from them asking me to verify my account details?

Felt like a scare tactic. Thought it would have been a useful test to help me discover new methods of diverting phishing scams.

At least it was free.

Ranting done.]]> http://www.dslreports.com/forum/remark,18765765 Sat, 28 Jul 2007 17:03:42 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18765569 raye : 9/10; knew the e-mail answer was probably wrong. But I usually check the e-mail headers anyway, which show the actual domain name and IP address of sender.

Real easy to do in Outlook or any other client.]]> http://www.dslreports.com/forum/remark,18765569 Sat, 28 Jul 2007 16:16:33 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18764139 Improfane : 10/10

Amazon one requires familiarity with the site itself. I am familiar with the site: Amazon ask you if you have an account or not.

The official PayPal email also has a link to the paypal website itself, the phishing email wouldn't do this since they want you to go to their page.

The MySpace is an interesting one though. People really do ignore the ending and look at the beginning.

Links on PayPal also misrendered.

The rest are littered with grammatical mistakes, making it easy.]]> http://www.dslreports.com/forum/remark,18764139 Sat, 28 Jul 2007 11:14:05 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18760482 jdong :
said by Mele20 See Profile :

What was hard about Amazon? I got that one in a second...most of them were quick and very easy to tell and even the harder ones I just knew instinctively. I didn't even notice that there were grammar and spelling mistakes as I didn't need to pour over any of them to know which was the "bad" one. The only one that gave me pause was the CapitalOne because I believed both to be fraudulent although my instinct told me to choose the second one, I felt it was worse than the first because at least the first wasn't asking for a SocSec number.
The hard part is not paying attention to those kinds of inconsistencies. Nowadays the Internet has made people so hasty in their get-rich-e-business schemes that there is no attention paid to consistency and quality. If I were to closely nitpick each site, I'd argue that I'd think that 90% of the sites were fakes.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18760482 Fri, 27 Jul 2007 18:54:58 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18760446 Mele20 : What was hard about Amazon? I got that one in a second...most of them were quick and very easy to tell and even the harder ones I just knew instinctively. I didn't even notice that there were grammar and spelling mistakes as I didn't need to pour over any of them to know which was the "bad" one. The only one that gave me pause was the CapitalOne because I believed both to be fraudulent although my instinct told me to choose the second one, I felt it was worse than the first because at least the first wasn't asking for a SocSec number.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,18760446 Fri, 27 Jul 2007 18:50:47 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18758841 jofallon : With the Amazon one, I actually opened the real Amazon page in another browser window and flipped back and forth between the images. Neither image matched the Amazon page I saw. Agreed that not seeing the URL removes the biggest clue. Is there something in the Phishers' Handbook for Fraudulent Web Sites that prevents them from using a spell-checker or a proof-reader?]]> http://www.dslreports.com/forum/remark,18758841 Fri, 27 Jul 2007 15:04:43 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18758217 jdong : It's frustrating how all the evidence you have to work from are crappy incomplete screenshots -- you keep on wondering, "is that it?"

I know if they acually linked to the real sites, or provided a good Flash emulation of a web browser with an address bar or even view source / view certificate options, everyone here would've scored 10/10.

As I said before, this is nothing more than a way to market their products by fooling the user into thinking he's exceedingly inept.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18758217 Fri, 27 Jul 2007 13:31:43 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18758189 yock :
said by EGeezer See Profile :

My personal opinion is to avoid sources of phishing links, like unsolicited emails, linking from unrelated web sites, popups or ads.
Really, this is the best advice of all.
--
Laughter is the closest distance between two people. --Victor Borge
"The opposite of war isn't peace, it's creation."]]> http://www.dslreports.com/forum/remark,18758189 Fri, 27 Jul 2007 13:28:23 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18758173 EGeezer : Well, based on the discussion and research in this post, it appears there's no really good way to "detect phishing", including using McAfee's own products.

My personal opinion is to avoid sources of phishing links, like unsolicited emails, linking from unrelated web sites, popups or ads. Type in and use the institution's own main web site. Peruse and verify the certificate information and the issuer as a legitimate one and not self-issued or issued to other than the domain you're visiting.

Marketscore's crapware is an example of a third party issuing its own certificate to the user signing into his SSL-encrypted site so marketscore can decrypt and track that user's SSL activity.

Cain & Abel is a program that provides a self-issued certificate to decrypt and capture SSL encoded passwords. You'll generally get a "unknown Issuer" message from your browser if you encounter this.

Finally, after avoiding referred links and using your own keyboard to enter URLs, if the links still look suspicious, back out. Use the telephone or go to the company's office where practical.
--
Sive enim ad sapientiam perveniri potest, non paranda nobis solum ea, sed fruenda etiam est]]> http://www.dslreports.com/forum/remark,18758173 Fri, 27 Jul 2007 13:26:25 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18757986 Link Logger :
said by Mr Anon :

There is or was a chase question, I haven't gone back to it. They may have removed it after I sent a complaint about it.
You should fire off a complaint about both of the Amazon screens being fake as well.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool]]> http://www.dslreports.com/forum/remark,18757986 Fri, 27 Jul 2007 12:53:55 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756810 Blue2 :
said by Mr Anon :

There is or was a chase question, I haven't gone back to it. They may have removed it after I sent a complaint about it.
In other words, Mcafee's method of judging sites by spelling and design confused even Mcafee, so they really got only 9 of out 10 right on their own test? Ouch. Shooting yourself in the foot has got to hurt.]]> http://www.dslreports.com/forum/remark,18756810 Fri, 27 Jul 2007 09:19:57 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756740 amysheehan :
said by Mr Anon :

There is or was a chase question, I haven't gone back to it. They may have removed it after I sent a complaint about it. I have the link to the picture on there site that is still there when I posted this message.

»www.siteadvisor.com/quizzes/phis···swer.jpg

To find the actual chase page.
chase.com click mortgage under Personal Lending
then click Online mortgage application under Apply online.

drado.com seems to be a lending inst. maybe they work with chase.
See my post just above yours: »Re: Chase

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,18756740 Fri, 27 Jul 2007 09:01:52 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756728 anon : There is or was a chase question, I haven't gone back to it. They may have removed it after I sent a complaint about it. I have the link to the picture on there site that is still there when I posted this message.

»www.siteadvisor.com/quizzes/phis···swer.jpg

To find the actual chase page.
chase.com click mortgage under Personal Lending
then click Online mortgage application under Apply online.

drado.com seems to be a lending inst. maybe they work with chase.]]> http://www.dslreports.com/forum/remark,18756728 Fri, 27 Jul 2007 08:59:36 EDT Re: Chase http://www.dslreports.com/forum/remark,18756667 amysheehan : Mornin' Mele20 See Profile

The 'quiz' has changed since I first took it.
DETAILS: Question 4 of 10: One good way to protect yourself from a phishing attempt is to check the sender's name in the "From" field of an e-mail to see if it is the name of a legitimate institution.
--- This item WAS the location of the Chase [JP Morgan] good +/or fake web pages when I took the 'quiz'

I think the 'Chase' one was removed after this post was made: »Re: Can You Identify Phishing?

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,18756667 Fri, 27 Jul 2007 08:44:07 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756642 Mele20 : I agree that one cannot remember the address for the secure page at Chase and a longer address invites typos. That's why I have it in Bookmarks and I told Chase when they first took the secure login off the main site that it was very stupid of them. CapitalOne is much better. Chase told me everyone knows to use chaseonline. I said that is crazy because I didn't and I have banked online with them since they first started online banking so it wasn't as though I was new and ignorant when they changed the main page login to nonsecure and I tried to find the secure login. It took me 30 minutes of hunting all over their site to find it. When I did, I called their internet support number and laid into the tech and he said "you actually found a secure login page? Where? Give me the address." He wanted to be able to tell others calling and complaining that there still was a secure login page. I also wrote Chase several secure emails about it and got only one canned reply.

Later, Chase tried to say that everyone "knew" to use the chase online page but no one did at first! And new customers probably don't know now. Chase made a mess of online banking from the beginning. They were the last of the major banks to have online banking and I was eagerly awaiting it...it was awful...two sites you had login to with a time limit on how long you could be there before you would be kicked off the site even if you were in the middle of paying your credit card bill. I exceeded the time limit many times because one of the two sites wouldn't load or would and then give a bunch of errors. It was horrible. I had to call their tech support so many times and frequently while on the phone with Chase support, I would get logged out and there was nothing I or the tech could do. I had to wait the mandatory time (15 min I think it was/is) before I could try to login again so the tech would be watching the clock, and telling me to hurry after he had given some fix for a problem, so I would get my business done before I was logged out.

In contrast, CapitalOne doesn't even have a specific tech support for online banking because they never have problems they told me. And they actually pay attention to user complaints and if they think the complaint has merit they act rapidly. However, they were very slow to add support for Fx. But the best banks online are like my home bank which has put its ENTIRE SITE behind https.

I am still trying to figure out why everyone else in this thread says they saw Chase pages in the test, whereas, I saw CapitalOne pages. Maybe there are two tests? Maybe I saw other pages that were not like what the rest of you saw?????
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,18756642 Fri, 27 Jul 2007 08:39:24 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756468 Blue2 : Yes, I posted example 11 above to demonstrate that even reputable banks make errors (on their security page no less!) so that relying on spelling or design alone is not a reliable method to judge a site's authenticity.

If one banks at Chase, how does one know that the banking login page is chaseonline.chase.com rather than www.chase.com?

Citibank's secure logon page is: »https://web.da-us.citibank.com/cgi-bin/c···ogin.jsp

Obvious, right? These are just stupid corporate decisions that make phishes easier since no consumer can remember these addresses and it makes typing them in more likely to create errors.]]> http://www.dslreports.com/forum/remark,18756468 Fri, 27 Jul 2007 07:45:49 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756430 Mele20 :
said by Blue2 See Profile :

said by Mele20 See Profile :

But the quiz didn't have a Chase page.
See the Chase single choice example posted above.
You mean your example number 11? There were only 10 tests not 11 and Chase was not one of them.

»www.chase.com has a login on the main page and it is not encrypted probably for the reasons you mention. However, if you bank online at Chase, you are NOT supposed to go to www.chase.com rather you are supposed to go to »https://chaseonline.chase.com/online to login.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,18756430 Fri, 27 Jul 2007 07:28:38 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756380 Blue2 :
said by Mele20 See Profile :

But the quiz didn't have a Chase page.
See the Chase single choice example posted above.

said by Mele20 See Profile :

No, ChaseOnline, which is their banking site, uses SSL page for logon. You are not supposed to use the general Chase.com site to do your banking. You are supposed to go to ChaseOnline instead which is secure.
I don't know about Chase but Citibank's banking site switched from SSL to a non-encrypted login page so that they could reduce the page load time for advertising.

The gap between banks and phishers is narrowing as banks make stupid decisions and phishers get smarter in duplicating the exact wording and design of banking sites.]]> http://www.dslreports.com/forum/remark,18756380 Fri, 27 Jul 2007 07:10:54 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756302 Mele20 :
said by jdong See Profile :

There are sites like that where I'd refuse to use it just because it's so difficult to determine if it's actually real. Chase also presents the initial login form to their online banking unencrypted by default, which has been discussed before, which IMO is bad practice because it leaves the site vulnerable to MITM tampering before entering the form.
No, ChaseOnline, which is their banking site, uses SSL page for logon. You are not supposed to use the general Chase.com site to do your banking. You are supposed to go to ChaseOnline instead which is secure.

But the quiz didn't have a Chase page. It had CapitalOne. I thought both CapitalOne ones were fake. But I had to choose one so I chose the one that did not ask for my Social Security number (even though I knew the design was wrong) which I would not give on line EVER. (I don't apply for new credit cards online for that reason either).
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason
Click for full size
Not Chase
]]> http://www.dslreports.com/forum/remark,18756302 Fri, 27 Jul 2007 06:28:19 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756280 Mele20 : There is no Chase one. There is a CapitalOne one though. Or is there more than one version of this test?

I scored 9/10. I missed the CapitalOne one and I am a CapitalOne customer. :D I would immediately call CapitalOne technical support if I forgot my User ID (what is that - there is a User Name and a Password not a User ID) if they, or any bank, asked me for my Social Security number or tax ID number because I forgot my User Name or my Password! I have never forgotten it so I don't know what the procedure is but you are probably asked for the email address you registered with and a temporary password is sent to that address but I'm sure you get asked other stuff also but NEVER for Social Security number! You probably also get locked out until you call if you try more than 3 times with the incorrect password.

One time I went to ChaseOnline and went to login and was confronted with a locked account. I couldn't imagine why. I called immediately as that was my only choice given to rectify the situation. The rep said "This has never happened to you before and you have had an online account ever since we started online banking"? He was incredulous and said I was extremely lucky as this happens frequently to most users. He explained that someone used my username and their password and couldn't get into what they thought was their account and they kept trying three times and the account was locked until I called. I had a simple user name from when Chase first started online banking and the process was so convoluted then with two different sites to navigate to use it to pay a credit card (within the time limit) that I was not concerned about the simple user name (plus I added a two digit number to the name) and I just never changed it. So, I changed it to a very complicated one and that has never happened again.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason]]> http://www.dslreports.com/forum/remark,18756280 Fri, 27 Jul 2007 06:13:40 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756182 MGD :
said by Doctor Four See Profile :

There was a better example of a real vs. phished site quiz
posted either here or in the Scambusters forum a year or
two ago; I don't recall who it was created by, nor who had
posted it.
Are you referring to the Phishing IQ Test listed on the Scambuster forum links by chance?. However, that test was about phishmails, and did not include hosted sites.

[att=1]

MGD
]]> http://www.dslreports.com/forum/remark,18756182 Fri, 27 Jul 2007 04:35:32 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756147 MGD :
said by justin See Profile :

I think the test is kind of bogus because they removed the address bar for several of the questions.
They can all be easily identified if your browser cannot be tricked into changing the URL in the address bar.
I Agree, the majority of phishing sites are utility cloned copies of the real one, so typos and bad grammar are not that common.

They should not have hid the address bar, that is cheating :). Since a potential victim who has already clicked on the phishmail link believing that the mail is legit, are already 30%+ phished. One of the few remaining options is that they recognize that they have arrived at www.freehost.anyname.com/theirbankname/ and not www.theirbankname.com Expecting them to peruse the site and notice bad grammar or punctuation at this stage, is not in the cards. The dismal phrasing and bad grammar are more commonly contained in the phishmail itself.

That test exercise further confirms that for the average user recognizing and rejecting fraudulent emails is the primary method of combating phishing. Educating them that no reputable organization sends unsolicited email that leads to a request for their banking data, their SSN, DOB, and mother's maiden name, is ever legitimate.

MGD]]> http://www.dslreports.com/forum/remark,18756147 Fri, 27 Jul 2007 04:13:08 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756126 LeeBee : some were real buggers!

10 - Yay!
]]> http://www.dslreports.com/forum/remark,18756126 Fri, 27 Jul 2007 03:56:31 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18756105 mindypin : :)I can't really brag, though, because I really sort of guessed at the Amazon page. That one was tough. I always type in the link myself when going to a website where I'm going to be doing secure transactions. Also, I never, ever link to secure sites through email. Thanks for posting this quiz - I emailed it to a bunch of my friends who aren't that savvy about identifying scams. :D
]]> http://www.dslreports.com/forum/remark,18756105 Fri, 27 Jul 2007 03:42:06 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18755857 Link Logger : Interesting but I have a problem with #5 as both are fake in my opinion and I've attached my mark up for the so called real one. I agree the one has the double drop down which is a give away, but the so called real is missing footer components as well which can be a give away of a lazy phisher.

Check out Amazon.com and tell me if you think they are both fake as well.

Blake
Edit -- I'm so tired at the moment that it seems the english language is beyond me.
Click for full size
]]> http://www.dslreports.com/forum/remark,18755857 Fri, 27 Jul 2007 01:53:03 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18755783 koolman2 : I got all but the Myspace one correct.
--
There's no place like ::1.]]> http://www.dslreports.com/forum/remark,18755783 Fri, 27 Jul 2007 01:24:36 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18755520 SnowyOne :
said by RobertLudlum See Profile :

Hmm only 2/10. I don't know how you guys can figure out which ones are phishes without looking at the url.
Well, you can't. Without seeing the URL the best you can do is guess. Your 2/10 is interesting. If you're a gambling man your mine. :D]]> http://www.dslreports.com/forum/remark,18755520 Fri, 27 Jul 2007 00:21:44 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18755492 jdong : No, but many of them do use online PW verification forms regularly/randomly that ask for your account number, phone number, and another form of ID (usually SSN)...
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18755492 Fri, 27 Jul 2007 00:14:20 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18755408 KrK : 9 out of 10. Missed the Amazon one. Many were pretty obvious but the Amazon one was pretty hard.

I based my guess upon the way it asked for the name and password, and I guessed wrong. I didn't notice the "!"

Still, half the battle is how you got to the site in the first place. If it's a phishing email, I'm not going to fall for it anyway. I've gotten very realistic looking emails without grammar or spelling errors, however, I know from repeated reports and assurances that companies like Paypal or Citibank, eBay, etc etc are NEVER going to send you an email directing you to "Enter your account information so we can verify you".
--
"Regulatory capitalism is when companies invest in lawyers, lobbyists, and politicians, instead of plant, people, and customer service." - former FCC Chairman William Kennard (A real FCC Chairman, unlike the current Corporate Spokesperson in the job!)]]> http://www.dslreports.com/forum/remark,18755408 Thu, 26 Jul 2007 23:58:43 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18754744 81399672 : 6/10]]> http://www.dslreports.com/forum/remark,18754744 Thu, 26 Jul 2007 22:13:35 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18754727 neonhomer : 9/10 for me.... I missed the Paypal one... That was a boneheaded move... and I use PayPal a lot... LOL....]]> http://www.dslreports.com/forum/remark,18754727 Thu, 26 Jul 2007 22:11:18 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18754520 David :
said by Portmonkey See Profile :

Missed the Chase Bank and Amazon. :)
I missed the amazon, and one of the final questions, got 8/10 though. The amazon one was tough though. ]]> http://www.dslreports.com/forum/remark,18754520 Thu, 26 Jul 2007 21:45:16 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18754235 Dr Tweak : 9 out of 10, I had a careless mistake.

:)]]> http://www.dslreports.com/forum/remark,18754235 Thu, 26 Jul 2007 21:06:21 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18754228 jdong : IMO this is a "Face it you're a dimwit, you can't tell the difference. Now give me 50 bucks to protect you" marketing ploy. The tests were pretty ridiculous and not gonna help you in the real world much.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18754228 Thu, 26 Jul 2007 21:05:08 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18754112 Doctor Four : There was a better example of a real vs. phished site quiz
posted either here or in the Scambusters forum a year or
two ago; I don't recall who it was created by, nor who had
posted it.]]> http://www.dslreports.com/forum/remark,18754112 Thu, 26 Jul 2007 20:48:14 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18753387 djrobx : I got 9/10 but I agree, this test is bogus. Duplicating the exact page a site uses, word for word, even pixel for pixel, is not that hard to do.

One major criteria I used to know the answer was, "Is the site asking for too much information?". No "security check" should need you to completely re-enter all of your personal information and account numbers.

Awkward grammar is certainly something to look for, but is hardly conclusive, yet seems to be the basis of this test!

I got the Zimbabwean 404 one wrong, because I'd never heard of that particular scam before.
--
Laser eye surgery rocks! I love frickin' laser beams.]]> http://www.dslreports.com/forum/remark,18753387 Thu, 26 Jul 2007 19:03:09 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18753365 jdong :
said by RobertLudlum See Profile :

Hmm only 2/10. I don't know how you guys can figure out which ones are phishes without looking at the url.
I gotta admit, mostly familiarity. I have accounts with all these sites and can tell that they are not like the ones I use... In addition, as it pointed out, there are times you can OBVIOUSLY tell the layout is different or the grammar is all botched up that is uncharacteristic of a billion-dollar company.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18753365 Thu, 26 Jul 2007 18:57:00 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18753261 RobertLudlum : Hmm only 2/10. I don't know how you guys can figure out which ones are phishes without looking at the url. ]]> http://www.dslreports.com/forum/remark,18753261 Thu, 26 Jul 2007 18:40:10 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18753211 exocet_cm :
said by jdong See Profile :

said by russotto See Profile :

Yep, the "fake" Chase page is real (linked from chase.com), though the real page has more stuff off to the bottom.

If I'd seen it while trying to actually fill out a mortgage I might not trust it either, as its URL is "chasemortgage.dorado.com" and not "chase.com". But I think it is.
There are sites like that where I'd refuse to use it just because it's so difficult to determine if it's actually real. Chase also presents the initial login form to their online banking unencrypted by default, which has been discussed before, which IMO is bad practice because it leaves the site vulnerable to MITM tampering before entering the form.
I agree with ya there jdong See Profile about the MITM attack possibility. A few of the folks here in the security forum need to slap the chase security gurus around a bit and clean up their act for em.
--
"I have measured out my life with coffee spoons..." - T.S Eliot
Check out ma blog: »www.johndball.com]]> http://www.dslreports.com/forum/remark,18753211 Thu, 26 Jul 2007 18:31:18 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752899 quatrix :
said by robo_mojo See Profile :

I got to Question 3 which doesn't even show a URL, and stopped the test. I won't be arsed to determine whether a site is a phish or not if I can't even see a URL.

I realize that I'm probably supposed to be looking at the horrible misuse of the English language in one of the choices, and that is probably what they are saying is a phish. But that is hardly an appropriate way to spot a phishing site.
Couldn't have said it better myself... I also quit after two questions in a row were missing the URL. I pick out grammar and spelling problems better than most, but it's not worth the time when the biggest/easiest clue is missing.]]> http://www.dslreports.com/forum/remark,18752899 Thu, 26 Jul 2007 17:39:52 EDT   http://www.dslreports.com/forum/remark,18752681 Dude111 : Yes i agree Matey 100%

said by Lanik :
Same. Some of them are pretty good or I wasn't looking closely enough.
Yes they are all mostly VERY GOOD (Hard to spot)]]> http://www.dslreports.com/forum/remark,18752681 Thu, 26 Jul 2007 17:04:13 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752673 jabarnut : For the heck of it, I decided to pick the 'spoofed' sites instead of the 'authentic' sites.

I did very well, actually......answered 1 of 10 questions "correctly". :D

Although, I agree with justin that the whole thing is pretty bogus, for the reason mentioned.

(Edit) Oops...almost forgot the screenshot.
[att=1]

I let those dang "scammers" fool me for sure.
I'm going to get SiteAdvisor right away!!!

Maybe I should even go for the "Best Value SiteAdvisor PLUS 3-User Family Pack!" :o
(Reg. $49.99, now only $19.99. I save $30.00!)

Hmmmm...wonder who's really doing the scamming here?
]]> http://www.dslreports.com/forum/remark,18752673 Thu, 26 Jul 2007 17:02:47 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752668 psafux : 9/10. They got me on amazon :P i dont visit amazon so im OK ! lol.
--
Yes. the cat in my avatar is indeed mine.]]> http://www.dslreports.com/forum/remark,18752668 Thu, 26 Jul 2007 17:01:41 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752494 justin : I think the test is kind of bogus because they removed the address bar for several of the questions.
They can all be easily identified if your browser cannot be tricked into changing the URL in the address bar.]]> http://www.dslreports.com/forum/remark,18752494 Thu, 26 Jul 2007 16:35:12 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752207 jdong :
said by russotto See Profile :

Yep, the "fake" Chase page is real (linked from chase.com), though the real page has more stuff off to the bottom.

If I'd seen it while trying to actually fill out a mortgage I might not trust it either, as its URL is "chasemortgage.dorado.com" and not "chase.com". But I think it is.
There are sites like that where I'd refuse to use it just because it's so difficult to determine if it's actually real. Chase also presents the initial login form to their online banking unencrypted by default, which has been discussed before, which IMO is bad practice because it leaves the site vulnerable to MITM tampering before entering the form.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18752207 Thu, 26 Jul 2007 15:56:51 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752158 russotto : Yep, the "fake" Chase page is real (linked from chase.com), though the real page has more stuff off to the bottom.

If I'd seen it while trying to actually fill out a mortgage I might not trust it either, as its URL is "chasemortgage.dorado.com" and not "chase.com". But I think it is.]]> http://www.dslreports.com/forum/remark,18752158 Thu, 26 Jul 2007 15:48:42 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752141 jaykaykay : I shocked the heck out of myself. I got 7 out of 10 but really didn't think I would do even that well.]]> http://www.dslreports.com/forum/remark,18752141 Thu, 26 Jul 2007 15:46:39 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752102 jcr46385 : I see i'm not the only one, Chase down 3 sofar and counting. ;)]]> http://www.dslreports.com/forum/remark,18752102 Thu, 26 Jul 2007 15:39:41 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18752075 anon : I've taken this up with the site I saw it on and sent a message to site advisor about it.

When I compared the actual chase page to the page they said was wrong. They seem exactly the same.

chase.com Under Personal Lending click mortgage
New page: Under Apply online click online mortgage application

I compared the picture to the live site and found no difference. Also the other possibly fake page you are presented with is on a different step in the process.]]> http://www.dslreports.com/forum/remark,18752075 Thu, 26 Jul 2007 15:34:48 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751664 Blue2 : Here's example number 11. Real or fake? I'll even make it easy and tell you where to look.
Click for full size
]]> http://www.dslreports.com/forum/remark,18751664 Thu, 26 Jul 2007 14:30:40 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751658 roztaylor :
said by barqsdrinker See Profile :

[snip] Even with the poor phrasing, why would one care about whether or not the site was real - you don't have an account so you know it is fake.
I've been receiving email from Chase bank over the last few months. I thought it was either phishing or spam (and treated it as such). Turns out the credit card that I never use, changed banks. I suppose they sent me a letter and I read it, but since I never use the card I forgot the bank change--until the new card showed up in the mail.
--
Choose to make it a good day... don't wait for something good to happen!]]> http://www.dslreports.com/forum/remark,18751658 Thu, 26 Jul 2007 14:29:53 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751550 alrandolph : i got 8/10 correct. I missed the Capital One and the last one.]]> http://www.dslreports.com/forum/remark,18751550 Thu, 26 Jul 2007 14:11:42 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751504 Jason Levine :
YOU ANSWERED 8 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru
A few of them were tough without the address bar. I would have gotten 10 out of 10 had I had that additional information.]]> http://www.dslreports.com/forum/remark,18751504 Thu, 26 Jul 2007 14:04:19 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751420 jjoshua : I missed the Chase one. The fake site asks for less information that the real one (ss#).

Also, the fake site looks nicer.]]> http://www.dslreports.com/forum/remark,18751420 Thu, 26 Jul 2007 13:52:53 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751335 jdong : I scored 9/10... failed the SSL question. I contemplated what they meant by this.... I interpreted as the SSL certificate being shown on the correct URL, in addition to no signature mismatch errors.

Obviously McAfee just meant "don't trust something just because it shows a padlock" which is certainly true.

I liked this test -- I think it takes some close examination to catch these tiny nuances.
--
UbuntuForums Administrator: try Ubuntu Linux]]> http://www.dslreports.com/forum/remark,18751335 Thu, 26 Jul 2007 13:38:58 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18751028 shearer : I scored 8/10. Missed the Amazon & Chase ones. Am not the least bit bothered by failure to get 10/10.

In real life, I manually examine SSL certs and do netstat/lookups. Unless it's an email, I don't pay **too** much attention to words on webpages as legit sites can have "awkward phrases" and spelling typos.]]> http://www.dslreports.com/forum/remark,18751028 Thu, 26 Jul 2007 12:56:56 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18750605 Doctor Four : I got 10 out of 10 right. The key to those without URLs
is to look for spelling and grammatical errors, as well
as awkward phrasing.

Those are surefire signs that the email/site isn't legit.

Another sign is incorrect logos or designs - in the case
of both the AOL and Capitol One examples, those were wrong.
--
"The trouble with computers, of course, is that they are very sophisticated idiots." - Doctor Who (from Robot)
We are the Hacker Collective: Resistance Is Futile - All Your AACS Keys Will Be Assimilated.]]> http://www.dslreports.com/forum/remark,18750605 Thu, 26 Jul 2007 11:48:43 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18750598 EGeezer :
I got 9 of 10 - I guessed on the last one because an examination of the SSL will reveal whether it's spoofed or not. However, McAffee must feel that examining the certificate for an untrusted issuer or self-issued cert is insufficient.

As others say, the URL and how the user was directed to the link is a quick tipoff, but lacking that information, the grammar and phrasing helped.

However, if a phish site is grammatically correct, or made using a Rock Phish kit, the sites may not have such errors.

I think use of site advisor and other similar tools is a good thing, but I suspect that these are based on a frequently updated list and that "zero-day" phish sites of smaller regional/local business sites might slip through the application.
--
Sive enim ad sapientiam perveniri potest, non paranda nobis solum ea, sed fruenda etiam est

Belt and suspenders where my money and identity is concerned, thats me :D
]]> http://www.dslreports.com/forum/remark,18750598 Thu, 26 Jul 2007 11:47:39 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18750474 robo_mojo : I got to Question 3 which doesn't even show a URL, and stopped the test. I won't be arsed to determine whether a site is a phish or not if I can't even see a URL.

I realize that I'm probably supposed to be looking at the horrible misuse of the English language in one of the choices, and that is probably what they are saying is a phish. But that is hardly an appropriate way to spot a phishing site.

It would be very silly to give a site your bank account login info only because the site had proper spelling and grammar.

But then again, this test is trying to sell a product, so it isn't a surprise that it is misleading. ]]> http://www.dslreports.com/forum/remark,18750474 Thu, 26 Jul 2007 11:24:08 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18750139 anon : 10 out of 10. It wasn't hard at all. It would have been even easier if we had some context. That is, how the user arrived at the webpage. That is all not to mention, except for the first question, we never get to see any info regarding the url of the webpage.]]> http://www.dslreports.com/forum/remark,18750139 Thu, 26 Jul 2007 10:26:24 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18750001 exocet_cm :
said by jcr46385 See Profile :

9/10 here, one i missed was my Bank. :uhh:
Ouch! :p It's ok, I missed my bank (Chase) as well. Apparently there are gramatical errors on the phishing page that I overlooked. Glad I do MOST of my banking in person. The only online banking I do is checking my balances, and that is it.

Edit: They need to have music playing in the background; Amadeus Mozart - Piano Concerto in E Flat, #482
--
"I have measured out my life with coffee spoons..." - T.S Eliot
Check out ma blog: »www.johndball.com
]]> http://www.dslreports.com/forum/remark,18750001 Thu, 26 Jul 2007 10:02:20 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749935 swhx7 : Blue2 and SnowyOne are basically right: the quiz is worthless. But it's actually worse than useless because it teaches people to judge by the wrong criteria.

The most basic thing you need to look at is the URL. It was actually *missing from the picture* in at least one of the questions (I quit at that point). Yes, other clues are important too, but without the URL you can't be sure.

There was another quiz like this with images of emails, asking visitors to spot the phishes. That too was worse than useless: they showed HTML-rendered displays, with all the true URLs behind the links invisible, and the headers not showing. Thus all the relatively reliable indicators of where it came from were missing, and they were effectively training people to rely on superficial appearances instead.

With the amount of effort that's been put into this slick quiz, they could easily have made a good start on teaching people the basic technical facts that would really help them.

The underlying idea seems to be that the public just can't learn anything that involves more text and thinking and less of the colorful pictures. Such idea is stupid and harmful.

'Scuze me for ranting.]]> http://www.dslreports.com/forum/remark,18749935 Thu, 26 Jul 2007 09:49:12 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749930 jcr46385 : 9/10 here, one i missed was my Bank. :uhh:]]> http://www.dslreports.com/forum/remark,18749930 Thu, 26 Jul 2007 09:47:52 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749838 Zaber : 9 out of 10 here. I missed the Chase bank one. Then again who says that all professional sites are perfect in their grammar? I was looking more at the page layout and what information they asked for. A real test would have included more information (where the link came from, etc).
--
Give a man a fish and he eats for a day, teach a man to fish and he will feed himself for a lifetime]]> http://www.dslreports.com/forum/remark,18749838 Thu, 26 Jul 2007 09:24:34 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749797 JohnInSJ : YOU ANSWERED 9 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru

Missed the Amazon one.

However, my first thought was - ewwue, they're using IE, they must all be phishing attempts ;)
--
My place : »www.schettino.us]]> http://www.dslreports.com/forum/remark,18749797 Thu, 26 Jul 2007 09:15:02 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749774 yock : 9 of 10 correct. I've never been a customer of Chase Bank and have never visited their site. ]]> http://www.dslreports.com/forum/remark,18749774 Thu, 26 Jul 2007 09:07:14 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749629 Blue2 : Yes, DojiStar, in the real world, no one is given two alternatives to choice between and is told that one of them is a phish. A far better test might have been to make ALL the choices phishes, thereby proving how deceiving looks can be.

It might be interesting to get times spent looking at these twenty examples as well as scores. ]]> http://www.dslreports.com/forum/remark,18749629 Thu, 26 Jul 2007 08:23:40 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749507 redhat1968 : YOU ANSWERED 7 OF 10 QUESTIONS CORRECTLY
Rating: Safety Guru ]]> http://www.dslreports.com/forum/remark,18749507 Thu, 26 Jul 2007 07:47:17 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749484 barqsdrinker : I got 8 out of 10; but like most, I didn't care for it, either. What if you don't have an AOL, Amazon, or Capital One account?? Even with the poor phrasing, why would one care about whether or not the site was real - you don't have an account so you know it is fake.
--
Thanks for reading! :)]]> http://www.dslreports.com/forum/remark,18749484 Thu, 26 Jul 2007 07:36:35 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749420 John_W : Well I got them all right, but with the quiz, you knew there was one that was a phish site. So you took the extra time to go over each one. In real life, with no comparison site, would you be able to catch all of these.

The quiz was a bit off because you could not tell the context to which the person got to the site. Was it from an unsolicited email, mistyped website? You also couldn't hold your mouse over links to see if they were legitimately owned by the company you were looking for. That made the quix more difficult.

So in some cases it may be more difficult to figure it out, but in some cases finding out it is a phish site may be easier than the quiz was.
--
Team Discovery--BBR Team Helix
Click for full size
]]> http://www.dslreports.com/forum/remark,18749420 Thu, 26 Jul 2007 07:08:57 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749403 SnowyOne : I wouldn't go as far as saying that the test is a total disservice to the internet community, but I certainly wouldn't call it a bonafide service either. The test does raise awareness of phish hosts so give it credit for that. Suggesting that visual clues are a legitimate method of determining whether a site is who it claims to be is a disservice to the internet community. The focus needs to be how on to avoid landing on a phish page. Not surprisingly it suggests using it's site advisor for maximum protection. Not surprisingly that's also a disservice to the internet community in the context of determining a sites authenticity. The poor grammar, spelling & malformed phish examples they are using on their test pages occur so infrequently in comparision to the perfectly formed phish hosts we see today that it's a disservice to make them central to the test. The best protection is simple & free. Not clicking a link in an email will provide more protection than visual clues & site advisor combined. Guaranteed.]]> http://www.dslreports.com/forum/remark,18749403 Thu, 26 Jul 2007 06:59:10 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749286 Blue2 :
said by nwrickert See Profile :

9/10. However, I didn't much like it. The information being used to distinguish is of marginal value.
I agree. This test is a terrible way to test security knowledge.

1. "Missing Security Center" link means that it's a phish? (But when my bank changes its SSL login page to a non-SSL page I'm supposed to believe that this is the real site?)

2. "Awkward phrasing" (Hahahaha. I think my bank ONLY hires people for their awkward phrasing.)

3. "Space between end of word and punctuation"? (Yeah, sure, no programmer would ever do that?)

4. "Vague but scary warning." (Huh?)

5. "PayPal Account Department doesn't sound real." (But "PayPal Executive Escalations", a real division, does?)

6. Knowing the name of a phishing scam protects you? (Whether it's called ""Zimbabwean 404" or "Nigerian 419" means nothing. The point is to recognize WHY it is a scam, not its name.)

All this test says to me is that if I were a potential scammer, I should just copy the precise wording from the authentic site or get out my dictionary and 99% of the web users in this world are toast!

I continue to maintain that spelling is a horrible test of authenticity, as the spelling of many of the posts on this forum alone demonstrate.]]> http://www.dslreports.com/forum/remark,18749286 Thu, 26 Jul 2007 05:53:41 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749257 Doctor Olds : First try. :-)
]]> http://www.dslreports.com/forum/remark,18749257 Thu, 26 Jul 2007 05:24:08 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749193 Psicop : 7/10.

Doesn't worry me. I NEVER do any of financial & business transactions online.

I learned how dirty is the Internet with this regards several years ago from one of my ex-flatmates a sys admin at Mincom who also happened to use Knoppix.

Thnx for providing the link, dude111.]]> http://www.dslreports.com/forum/remark,18749193 Thu, 26 Jul 2007 04:10:52 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749157 Owlbet : I got 8 out of 10 correct. If I would have taken the time to completely read both pictures, I would have found the grammatical errors on #4 & the logo error on #8.]]> http://www.dslreports.com/forum/remark,18749157 Thu, 26 Jul 2007 03:46:12 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749054 Portmonkey : Missed the Chase Bank and Amazon. :)
]]> http://www.dslreports.com/forum/remark,18749054 Thu, 26 Jul 2007 02:56:39 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18749044 tempnexus : I got 9/10 right...just missed the SSL wrong...but maybe because I actually read the certificate fully and not just look at the picture.

»www.siteadvisor.com/quizzes/phis···#quiztop]]> http://www.dslreports.com/forum/remark,18749044 Thu, 26 Jul 2007 02:52:53 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18748982 nwrickert : 9/10. However, I didn't much like it. The information being used to distinguish is of marginal value. Some phish sites are very good and cannot be distinguished in this manner. And even real sites can make grammatical errors on their web pages.

In practice you have other information available that is more reliable - the email headers, the hostname of the web page are examples.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4]]> http://www.dslreports.com/forum/remark,18748982 Thu, 26 Jul 2007 02:29:56 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18748841 amysheehan :
said by Dude111 See Profile :

Can you tell a real site from a phony one?
Try this test and learn:
»www.mcafee.com/phishing_quiz

I got 5/10 right :)
Got 9/10 correct - missed the URL redirect for myspace - never been there and looked more at the layout and missed the obvious.

:)
--
DSLR Phishtracker]]> http://www.dslreports.com/forum/remark,18748841 Thu, 26 Jul 2007 01:38:28 EDT Re: Can You Identify Phishing? http://www.dslreports.com/forum/remark,18748790 Lanik :
said by Dude111 See Profile :

I got 5/10 right :)
Same. Some of them are pretty good or I wasn't looking closely enough. ;)
--
"If it ain't broke don't fix it."]]> http://www.dslreports.com/forum/remark,18748790 Thu, 26 Jul 2007 01:21:03 EDT Can You Identify Phishing? http://www.dslreports.com/forum/remark,18748749 Dude111 : Can you tell a real site from a phony one?
Try this test and learn:
»www.mcafee.com/phishing_quiz

I got 5/10 right :)]]> http://www.dslreports.com/forum/remark,18748749 Thu, 26 Jul 2007 01:03:21 EDT