WebApp Sec mailing list archives
Re: Smells like a phish, is a fish?
From: Cory Foy <Cory.Foy () mobilehwy com>
Date: Thu, 27 Oct 2005 08:21:32 -0400
Andrew van der Stock wrote:
I confirmed with the registrar that indeed they did send this phishy e-mail. How do we get through to large organizations - who really should know better - that they most of all shouldn't smell like a phish market?
When I see emails like the one you received it almost always is because they are trying to make it easier on the semi-technical users who are going to receive it. In the balance to make it dead easy to accomplish the task they propogate the format of phishing emails - /especially/ when they get redirected to some domain that has nothing to do with the company.
One answer, I would think, would be to have all transactions take place through the same login page the user always goes to. For example, with GoDaddy, they should have had you log into your account through the normal login page, and then presented you with the information.
I would think consistancy from an organization, especially in relation to login pages and account information, would be one important way to battle phishing scenarios.
Cory
Current thread:
- Smells like a phish, is a fish? Andrew van der Stock (Oct 27)
- Re: Smells like a phish, is a fish? Mat Farrington (Oct 27)
- Re: Smells like a phish, is a fish? Cory Foy (Oct 27)
- Re: Smells like a phish, is a fish? Mike Kuriger (Oct 27)
- Re: Smells like a phish, is a fish? Todd Hendricks (Oct 28)
- <Possible follow-ups>
- RE: Smells like a phish, is a fish? Ofer Shezaf (Oct 27)
- RE: Smells like a phish, is a fish? Damhuis Anton (Oct 27)
- RE: Smells like a phish, is a fish? M. Burnett (Oct 27)
- RE: Smells like a phish, is a fish? Christopher Reed (Oct 28)
- RE: Smells like a phish, is a fish? Tom Stowell (Oct 28)
- RE: Smells like a phish, is a fish? Damhuis Anton (Oct 28)
- RE: Smells like a phish, is a fish? Tom Stowell (Oct 28)
- RE: Smells like a phish, is a fish? Lyal Collins (Oct 28)
(Thread continues...)