[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <442FB246.1181.C1130BD0@nick.virus-l.demon.co.uk>
Date: Sun Apr 2 00:15:36 2006
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: [HV-PAPER] Anti-Phishing Tips You Should Not
Follow
Marcos Ag?ero to Michal Zalewski:
> > Note to self: design my next phishing website to always display "logon
> > failed".
8-)
The phishmongers are well ahead of you there...
> Just as most of the phishing sites already do.
Really?
"Most"?
Still?
Admittedly I don't poke bogus credentials into every phishing site I
see, but I do prod a lot of them and of late the only thing I've seen
"fail" is a few sites doing Luhn checks on supplied CC #s and asking
you to more carefully re-enter the number.
The "iniitial fail" tactic was quite a popular a while back, but I
don't recall having seen it at all lately...
Regards,
Nick FitzGerald
Powered by blists - more mailing lists