funsec mailing list archives

Re: The solution to Phishing


From: Drsolly <drsollyp () drsolly com>
Date: Mon, 24 Oct 2005 22:33:28 +0100 (BST)

On Mon, 24 Oct 2005, Jim Murray wrote:

Blanchard_Michael () emc com wrote:
 The banks should send out bogus messages just like a real phishing attack
and set up a bogus web site that looks just like their real one.  If a
customer logs into that site from the phishing e-mail, their internet
banking privileges are revoked for 30 days.  If it happens again, their
internet privileges are revoked completely.

  Done and dusted... Kinda like darwinism with a second chance on life ;-)

No, no... treble bank charges for 6 months, a £250.00 'administration'
penalty for changing their login details and an increase in the interest
rate on borrowing for 6 months to cover potential losses due to user
stupidity.

THAT would soon stop phishing!

There has *always* been a tax on stupidity, and there has *never* been a 
shortage of stupidity. Taxes won't deal with phishing. 

All you have to do, is design a user-proof system, so that no matter what 
info the user gives to a phish, it can't be used for operating the user's 
account. This would cost a dollar per user, and reduce phishing losses for 
the participating banks to zero.

The question in my mind, is "Why aren't any banks doing it?"

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.