Morac
join:2001-08-30
Riverside, NJ
 ·Comcast
| Microsoft's Solution
"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself." - »support.microsoft.com/default.as···];833786 |
|
SpyderWoman
Premium
join:2002-06-11
Mustang, OK
clubs:
| Talk about an "educate the user" problem!! Microsoft's recommendation begins with:
"Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."
Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.
Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.
Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate". |
|
mastermind278
Premium
join:2001-07-12
Newark, NJ
clubs: 
 ·Optimum Voice
·Optimum Online
| My solution seems to be stop using IE, or let Mcafee catch it for me.
--
Mastermind 4 Life ® ™ © |
|
Omega
Displaced Ohioan
Premium
join:2002-07-30
Cheyenne, WY
clubs: | The way I do it is just look at the status bar at the bottom of IE. It shows you the true link. |
|
ParanoiaInc
join:2002-08-28
Tucker, GA | reply to Morac
True, but for those in a rush this is still a major problem when the fake links start infecting search engines. |
|
Morac
join:2001-08-30
Riverside, NJ
·Comcast
| reply to Omega
said by Omega  :
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.
There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.
Or use scripting to obscure it.
Either way, looking at the status bar doesn't guarantee you're going to a real site. |
|
