Flaw In Human Brain Prevents Detection Of Phishing Websites


3 replies to this topic

#1 quietman7


Posted 12 April 2006 - 11:19 AM

"Why Phishing Works" is a recent study (PDF) that examines phishing website techniques. The most visually deceptive website spoof in the study was able to fool 90% of the study's participants. That 90% figure includes the most technically advanced users among the participants. It was the look, not the spoofing of security features that did the job...

f-secure.com/weblog
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#2 boopme


Posted 12 April 2006 - 09:48 PM

Hi quietman7, help me out a bit please as I don't do electronic banking. Were they looking for you to give them your ID, as on the left, or both ID and password, as on the right?

#3 quietman7


Posted 13 April 2006 - 05:43 AM

Actually the examples provided relate to the point of the last paragraph which asks "Why don't banks allow you to customize your online banking interface with a picture of your preference?" instead of a phishing scheme. The example on the right shows how a sign in page might look if the user were allowed to personalize it. In this case an image (group of demons) has been uploaded by the user so that when they go to log in, they will readily identify the page as legit because it will display that image.

The one on the left just shows advertisements which any phisher can host on a site that appears to be legit and which most users see when going to a spoofed site. Don't know why that one does not include a password box since passwords are one of the prime targets a phisher is looking for. Appears F-Secure was just providing an example of a personalized vs. non-personalized page which emphasized the "look" and its impact to the human brain as opposed to legit vs. non-legit.

#4 boopme


Posted 13 April 2006 - 08:57 AM

Ok, I understand and I guess I would be in the big percentile. As I thought they were both OK.
Perhaps .. I trade online commodities and equities. When there is any issue, the email notifies me to contact. I then log in to them and deal with the issue. I know it's them and they know it's me. I feel safe that way.