Today, I got a Mcafee link which apparently is a phish awareness testing quiz.So, off I went , took the quiz, got 7/10.Great. Now to the point: Somehow, I never expected a security company to offer lame ways of identifying Phish.
If I were to identify Phish, the easiest way is to just take a look at the address bar, and check the site (Yeah, the phisher can put an image on the address bar , but that is easy to figure out).Another precaution is beware of wrong SSL certificates. These 2 prime measures seem to have been conveniently ignored.
Just have a look:
This is the original aol phish page:
This is siteadvisor's explanation:
Bank of America Phish analysis offered by siteadvisor
Capital One Phish analysis
Its surprising how a security company promotes such crude means to identify phish.
The sad part is that these guys seem to imply that a site with correct grammar and graphics is NOT a Phish site.Imagine what such inference does to the grandma class of users. This is unfortunate.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment