Tuesday, July 17, 2007

Identifying Phish

Today, I got a McAfee link which apparently is a phish awareness testing quiz. So, off I went, took the quiz, got 7/10. Great. Now to the point: Somehow, I never expected a security company to offer lame ways of identifying Phish.
If I were to identify Phish, the easiest way is to just take a look at the address bar, and check the site (Yeah, the phisher can put an image on the address bar, but that is easy to figure out). Another precaution is to beware of wrong SSL certificates. These 2 prime measures seem to have been conveniently ignored.
Just have a look:

This is the original AOL phish page:



This is SiteAdvisor's explanation:


Bank of America Phish analysis offered by SiteAdvisor


Capital One Phish analysis


It's surprising how a security company promotes such crude means to identify phish.
The sad part is that these guys seem to imply that a site with correct grammar and graphics is NOT a Phish site. Imagine what such inference does to the grandma class of users. This is unfortunate.
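
The address-bar check described above, written as code that decides whether a link really belongs to the site it claims to be. This is an added example, not part of the original post; `bank.example` and `other.example` are constructed placeholder domains and the function names are made up for illustration.

```python
from urllib.parse import urlsplit


def address_bar_host(url):
    """Return the host the browser will actually connect to, lowercased."""
    host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    return (host or "").rstrip(".").lower()


def check_url(url, expected_domain):
    """Return (ok, reason) for a link that claims to belong to expected_domain."""
    parts = urlsplit(url)
    host = address_bar_host(url)
    expected = expected_domain.lower()
    if parts.scheme != "https":
        return False, "not https, so no certificate is presented to check"
    if parts.username is not None:
        return False, f"text before '@' is not the host; real host is {host}"
    # The host must BE the expected domain or end with ".<expected domain>".
    # Containing or starting with the expected name is not enough.
    if host == expected or host.endswith("." + expected):
        return True, f"host {host} belongs to {expected}"
    return False, f"host {host} is not under {expected}"


# Constructed sample links (placeholder domains, not real sites).
SAMPLES = [
    "https://www.bank.example/signin",
    "https://BANK.example:443/",
    "http://www.bank.example/signin",
    "https://bank.example@other.example/signin",
    "https://www.bank.example.other.example/signin",
    "https://other.example/www.bank.example/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_url(link, "bank.example")
        print(("OK     " if ok else "REJECT ") + link + "  (" + reason + ")")
```

None of these decisions look at the page's grammar or graphics; only the scheme and the host decide the result.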
