Comments on: Root Cause of Phishing Attacks http://www.allspammedup.com/2009/01/root-cause-of-phishing-attacks/ Wed, 08 Feb 2012 11:22:23 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Carl E. Reid http://www.allspammedup.com/2009/01/root-cause-of-phishing-attacks/comment-page-1/#comment-1927 Carl E. Reid Mon, 09 Mar 2009 03:27:51 +0000 http://www.allspammedup.com/?p=365#comment-1927 Thank you Macbuy for your feedback. You suggestions a good topics for future articles. Thank you Macbuy for your feedback. You suggestions a good topics for future articles.

]]> By: macbuy http://www.allspammedup.com/2009/01/root-cause-of-phishing-attacks/comment-page-1/#comment-1643 macbuy Mon, 26 Jan 2009 19:20:18 +0000 http://www.allspammedup.com/?p=365#comment-1643 I'm glad someone finally pointed this out. All the high-tech solutions out there still don't protect against user error, which is the entire crux of the phisher's enterprise. When asked to give their personal info to a url like "amazon-store-payments.com," some folks don't hesitate. The key is educating, and making phishers easier to spot. One note, though, I do think these goals dovetail nicely with those of some recent anti-phishing developments, particularly Extended Validation SSL -- there's nothing more robust on the back-end, but since the green url bar is impossible to duplicate it's easier to differentiate from phishing scams. I could see more practical solutions that keep the end-users eyes in mind being far more successful, even if some phishers have already been dropping the EV SSL name to sound more "with-it" (this won't be effective, though, once enough people understand how EV works). I’m glad someone finally pointed this out. All the high-tech solutions out there still don’t protect against user error, which is the entire crux of the phisher’s enterprise. When asked to give their personal info to a url like “amazon-store-payments.com,” some folks don’t hesitate. The key is educating, and making phishers easier to spot.

One note, though, I do think these goals dovetail nicely with those of some recent anti-phishing developments, particularly Extended Validation SSL — there’s nothing more robust on the back-end, but since the green url bar is impossible to duplicate it’s easier to differentiate from phishing scams. I could see more practical solutions that keep the end-users eyes in mind being far more successful, even if some phishers have already been dropping the EV SSL name to sound more “with-it” (this won’t be effective, though, once enough people understand how EV works).

]]>