WebApp Sec mailing list archives

Re: (not really a) Proposal to anti-phishing


From: Rishi Pande <rishi.pande () gmail com>
Date: Mon, 24 Jan 2005 15:08:13 -0500

I like the quiz but there is no data on participants. My whole point in finding who is more susceptible to phishing was to see if perhaps the online banking problem would solve itself after some years - as more and more young, internet-savvy users start using these services. As much as I like Kevin's idea, it is difficult to recall something that users and corporations like just because of "security". As long as the profits from sending better looking emails are higher than the losses, corporations will be willing to take it.
Just my $0.02.
Rishi

On Jan 24, 2005, at 2:28 PM, Wall, Kevin wrote:

Mike Andrews writes...

I remember doing a quiz on phishing some time ago.  After much digging,
here's a link to the quiz (version 2)

http://survey.mailfrontier.com/survey/quiztest.html

Sorry, it doesn't give any results of the survey - perhaps someone could
email the company and ask about the results, especially which ones people
didn't get.

Of course, the "quiz" is pretty much useless. There are some obvious
phishing attempts, but the few that look (are?) legitimate, one can't
really tell because all they give you is an image, so you can't really
see what the links are pointing to or do a 'view source', etc.

Of course, the point should be one should ALWAYS go to the
web site directly to type in the appropriate URL (if they know
what it is; otherwise look up their site on a search engine
and then type it in).

But IMHO, I think that HTML e-mail should be outlawed, period. That alone
might go a long way to eliminating a lot of phishing schemes, especially
the ones that rely on bugs in the MUA's HTML rendering engine to entice
the victims.

-kevin wall


