Re: Can You Identify Phishing?

Author	All Replies
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	reply to Dude111 Re: Can You Identify Phishing? 9/10. However, I didn't much like it. The information being used to distinguish is of marginal value. Some phish sites are very good and cannot be distinguished in this manner. And even real sites can make grammatical errors on their web pages. In practice you have other information available that is more reliable - the email headers, the hostname of the web page are examples. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
	to forum · permalink · · 2007-07-26 02:29:56 ·
Blue2 Premium join:2004-04-14 France	said by nwrickert : 9/10. However, I didn't much like it. The information being used to distinguish is of marginal value. I agree. This test is a terrible way to test security knowledge. 1. "Missing Security Center" link means that it's a phish? (But when my bank changes its SSL login page to a non-SSL page I'm supposed to believe that this is the real site?) 2. "Awkward phrasing" (Hahahaha. I think my bank ONLY hires people for their awkward phrasing.) 3. "Space between end of word and punctuation"? (Yeah, sure, no programmer would ever do that?) 4. "Vague but scary warning." (Huh?) 5. "PayPal Account Department doesn't sound real." (But "PayPal Executive Escalations", a real division, does?) 6. Knowing the name of a phishing scam protects you? (Whether it's called ""Zimbabwean 404" or "Nigerian 419" means nothing. The point is to recognize WHY it is a scam, not its name.) All this test says to me is that if I were a potential scammer, I should just copy the precise wording from the authentic site or get out my dictionary and 99% of the web users in this world are toast! I continue to maintain that spelling is a horrible test of authenticity, as the spelling of many of the posts on this forum alone demonstrate.
Blue2 Premium join:2004-04-14 France	to forum · permalink · · 2007-07-26 05:53:41 ·
SnowyOne Premium join:2003-04-05 Kailua, HI ·RoadRunner Cable ·Clearwire Wireless	I wouldn't go as far as saying that the test is a total disservice to the internet community, but I certainly wouldn't call it a bonafide service either. The test does raise awareness of phish hosts so give it credit for that. Suggesting that visual clues are a legitimate method of determining whether a site is who it claims to be is a disservice to the internet community. The focus needs to be how on to avoid landing on a phish page. Not surprisingly it suggests using it's site advisor for maximum protection. Not surprisingly that's also a disservice to the internet community in the context of determining a sites authenticity. The poor grammar, spelling & malformed phish examples they are using on their test pages occur so infrequently in comparision to the perfectly formed phish hosts we see today that it's a disservice to make them central to the test. The best protection is simple & free. Not clicking a link in an email will provide more protection than visual clues & site advisor combined. Guaranteed.
	to forum · permalink · · 2007-07-26 06:59:10 ·


Friday, 19-Mar 07:06:04	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10.5 years online! © 1999-2010 dslreports.com.republican-creole page compression OFF