[cap-talk] Phishing with YURLs and Petnames
Karp, Alan H
alan.karp at hp.com
Tue Feb 14 13:12:15 EST 2006
Tyler Close wrote:
>
> So, the easy rule of thumb here is: "If you click on a link in an
> email and the Petname Tool says 'untrusted', it's a phish. Use your
> petname bookmark to access the real site and report the phishing
> attack."
>
Dear BankTwo Customer,
Due to a break in at our online banking server, we have been forced to
revoke our digital certificate and issue a new one. Your petname won't
work with the new certificate. Please click on https://BankTwo.com.ru
and enter your petname. Then log in to verify that the change was
recorded correctly. At that time, we'll ask you to verify your personal
information.
We apologize for any inconvenience.
Online Banking Security Department
BankTwo
-----------------------------------
Think that might work? Of course, the proper defense is to click on
your bookmark to verify the problem, but not everyone is that clever.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Karp, Alan H.vcf
Type: text/x-vcard
Size: 423 bytes
Desc: Karp, Alan H.vcf
Url : http://eros.cs.jhu.edu/pipermail/cap-talk/attachments/20060214/6ec43905/KarpAlanH.vcf
More information about the cap-talk
mailing list