[cap-talk] an attack on the pet name tool bar
Ian G
iang at systemics.com
Thu Feb 10 09:13:18 EST 2005
OK, so here's the phishing attack against the pet name: Alice's browser is set up to have a pet name when browsing to the Bank.com.

Phisher sends a phish from AuditProcessBank.com and says that ("blah blah") and please enter the pet name as well as other details into the form.

If the user falls victim to this, a second pro-forma phish is then created with a false petname bar and the other details. (It would need to be indexed off of the user's IP address I guess.)

So the question is, even though the pet name provides a useful defence against phishing, what is stopping the pet name itself from being phished?
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/