site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Danger - Phishing ahead > Simplest Solution

Search Topic:
 Uniqs:
217		 Share Topic
Post a:
Post a:
AuthorAll Replies


pleekmo
Triptoe Through The Tulips
Premium
join:2001-09-14
Manchester, CT
Reviews:
·AT&T DSL Service

Simplest Solution

Doesn't anybody [View Source] of their e-mails to make sure that a link is valid?

This would seem to be a very good way of determining if the link you are clicking on is to a valid site rather than a spoofed one. (Ditto for web sites, I suppose.)
to forum · permalink · 2003-12-11 02:37:51 ·


justin
Australian
join:1999-05-28
New York, NY
kudos:7
Host:
IPv6
Business Connectiv..
Console/Handheld g..
Home/Office setup ..
Photos of Broadban..

My email client linkifies appropriate plain text, but will not hide the link. Anyone using HTML to read email is nuts.

However - sure, you would have to 'view source' of email, web pages, pop-ups, bulletin boards? And what about redirections where you cannot catch where you were bounced around to?

the only thing that is on the side of the users here is that phish sites have mostly looked pretty lame. Spelling errors, graphic mistakes, etc. But it took me about 30 minutes to duplicate symantec as the demo. Give me a week and I could do the a most convincing job of reproducing the home page and login pages of a bunch of sites, then inject these fake URLs into the community and collect passwords.

You could even ask for someones login name and password once, then redirect the browser to the real page. They user thinks they made a mistake, and types it in again. Oldest trick in the book.

to forum · permalink · 2003-12-11 03:04:42 ·

BigAl233
Premium
join:2001-08-14
New York, NY

said by justin:
You could even ask for someones login name and password once, then redirect the browser to the real page. They user thinks they made a mistake, and types it in again.
You don't even have to do that.
You could ask for the login name and password, then after capturing the info, submit the form info to the real page.
The user wouldn't even think he made a mistake!
to forum · permalink · 2003-12-11 12:01:43 ·


N10Cities
Premium
join:2002-05-07
Lavaca, AR
Reviews:
·Cox HSI
·World Lynx

reply to pleekmo

said by pleekmo:
Doesn't anybody [View Source] of their e-mails to make sure that a link is valid?

This would seem to be a very good way of determining if the link you are clicking on is to a valid site rather than a spoofed one. (Ditto for web sites, I suppose.)
This is a very good way to verify the webpage, but newbies out there would not have a clue what they are looking at. Would just look like jibberish to them. Techies like us could look and go 'Ah HA!
to forum · permalink · 2003-12-11 18:08:30 ·
Forums > Danger - Phishing ahead

Monday, 04-Jun 14:34:27 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.
Most commented news this week
Hot Topics