[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dear RIPE: Please don't encourage phishing

Subject: Dear RIPE: Please don't encourage phishing
From: rsk at gsp.org (Rich Kulawiec)
Date: Fri, 10 Feb 2012 14:16:12 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <CACB24MuxBvWwKATdV6FgKbSHAF=DzU6COYVmO5jXvjf+ue-gLg@mail.gmail.com> <[email protected]>

On Fri, Feb 10, 2012 at 12:28:22PM -0500, Steven Bellovin wrote:
> If they're intended as a path to log in with a typed password, that's correct.
> Sad, but correct.

I agree.  Training your customers/clients to click on URLs in email
messages is precisely equivalent to training them to be phish victims.

I teach people to (carefully!) bookmark the sites that they use which
require passwords, and to always use those bookmarks -- that is, *never*
to use the links in any mail message or on any web page.

(Of course, an attacker in control of their browser could manipulate the
bookmarks, but there is little reason for an attacker who's already gotten
that far to do so.)

---rsk

References:
- Dear RIPE: Please don't encourage phishing
  - From: smb at cs.columbia.edu (Steven Bellovin)
- Dear RIPE: Please don't encourage phishing
  - From: richard.barnes at gmail.com (Richard Barnes)
- Dear RIPE: Please don't encourage phishing
  - From: smb at cs.columbia.edu (Steven Bellovin)

Prev by Date: Dear RIPE: Please don't encourage phishing
Next by Date: Dear RIPE: Please don't encourage phishing
Previous by thread: Dear RIPE: Please don't encourage phishing
Next by thread: Dear RIPE: Please don't encourage phishing
Index(es):
- Date
- Thread