Comments on: An End To Bank-related Phishing http://www.crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/ Gadgets, gear and computer hardware. Fri, 05 Sep 2008 08:59:30 +0000 http://wordpress.org/?v=2.6.1 By: mathew http://www.crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216452 mathew Tue, 08 May 2007 19:14:39 +0000 http://crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216452 The phishing e-mail I get has URLs that don't look anything like the right URL. If this scam... er, scheme goes ahead, I'll get phishing e-mail that doesn't look like a .bank URL, instead of phishing e-mail that doesn't look like a .com URL. Whoop-de-doo. Somehow, I doubt that'll stop Joe MSNer from providing his bank login and password to a random web site in China. I mean, if he was checking URLs, he wouldn't be falling for phishing scams right now. The phishing e-mail I get has URLs that don’t look anything like the right URL.

If this scam… er, scheme goes ahead, I’ll get phishing e-mail that doesn’t look like a .bank URL, instead of phishing e-mail that doesn’t look like a .com URL. Whoop-de-doo.

Somehow, I doubt that’ll stop Joe MSNer from providing his bank login and password to a random web site in China. I mean, if he was checking URLs, he wouldn’t be falling for phishing scams right now.

]]> By: yoshi http://www.crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216413 yoshi Tue, 08 May 2007 18:31:19 +0000 http://crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216413 Won't help. Not one bit. 1) people don't understand URL's - the same phishing attacks that work against citibank.com today will work against citibank.bank. 2) only tries to fix one small issue with a problem that has a dozen different attack vectors - (e.g. doesn't fix dns poisoning) 3) although its meant to be an arbitrary number 50k is a lot of money for one or two retail outlet credit unions or banks Won’t help. Not one bit.

1) people don’t understand URL’s - the same phishing attacks that work against citibank.com today will work against citibank.bank.

2) only tries to fix one small issue with a problem that has a dozen different attack vectors - (e.g. doesn’t fix dns poisoning)

3) although its meant to be an arbitrary number 50k is a lot of money for one or two retail outlet credit unions or banks

]]> By: Scott http://www.crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216371 Scott Tue, 08 May 2007 17:21:23 +0000 http://crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216371 I'd have to guess that people fall for phishing email scams because they're undereducated about computer security, and/or they're careless. A new top-level domain will do nothing to remedy that... Worse still, it could make those same people even *more* careless; if they're told "only legitimate banks will have '.bank' in their address," once they see "www.yourbankname.bank" in a fraudulent email, they'll assume "this one must be real - it has '.bank' in it." I've seen PIN numbers written on the backs of debit cards, I've seen passwords written on Post-It Notes affixed to monitors, and I've seen countless news stories about people who sent their life savings to deposed Nigerian royalty millionaires... A ".bank" URL will not help these people. I’d have to guess that people fall for phishing email scams because they’re undereducated about computer security, and/or they’re careless. A new top-level domain will do nothing to remedy that… Worse still, it could make those same people even *more* careless; if they’re told “only legitimate banks will have ‘.bank’ in their address,” once they see “www.yourbankname.bank” in a fraudulent email, they’ll assume “this one must be real - it has ‘.bank’ in it.”

I’ve seen PIN numbers written on the backs of debit cards, I’ve seen passwords written on Post-It Notes affixed to monitors, and I’ve seen countless news stories about people who sent their life savings to deposed Nigerian royalty millionaires… A “.bank” URL will not help these people.

]]> By: Bill Minton http://www.crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216224 Bill Minton Tue, 08 May 2007 14:03:56 +0000 http://crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216224 It's sort of like raising the prices of bullets to $5k/bullet in an effort to lower fatal shootings. :) Actually, take a look at this (Crunchgear) article: http://crunchgear.com/2006/10/19/domain-name-%D0%BC%D1%83%D1%95%D1%80%D0%B0%D1%81%D0%B5com-for-sale-affordable/ It’s sort of like raising the prices of bullets to $5k/bullet in an effort to lower fatal shootings. :)

Actually, take a look at this (Crunchgear) article:
http://crunchgear.com/2006/10/19/domain-name-%D0%BC%D1%83%D1%95%D1%80%D0%B0%D1%81%D0%B5com-for-sale-affordable/

]]> By: trainwrecka http://www.crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216192 trainwrecka Tue, 08 May 2007 13:28:00 +0000 http://crunchgear.com/2007/05/08/an-end-to-bank-related-phishing/#comment-216192 one word: "GENIUS" one word: “GENIUS”

]]>