Why phishing works? (Was: Re: [LINK] Harvard arts-science requires
rick at praxis.com.au
Sat Feb 16 17:33:13 EST 2008
rchirgwin at ozemail.com.au wrote:
> So anything purporting to be from "St George Bank" is bogus, because I
> never signed on for e-mail from St George Bank. I don't need to stop and
> think, or look for clues. And I don't seem to have lost any convenience
> by staying out of the e-mail loop with my bank.
But as the Harvard paper cited in Marghanita's post mentioned, phishing
is working brilliantly. $ MILLIONS have been lost to the scams. The testing
the team did indicated that even IT "professionals" were often fooled by
good scamming techniques.
I do get lots of the St George Bank scams for some reason.
One thing I have done is check into which web server is being used for
dozens of phishing scams. They are all Apache running PHP/4 or PHP/5.
I do not think Apache itself is insecure, so I would put the blame
on PHP (full of holes) or else the owners of the servers are willingly
hosting the scam pages. I tend to think the former is the case.
Server: Apache/1.3.34 (Debian) PHP/4.4.4-8+etch4
I do get a kick out of the phishing scams that mention in the text that
there have been a number of phishing attacks on this particular bank
and would you please log in to their new security system which prevents
further phishing attacks. LOL.
Rick Welykochy || Praxis Services
A polar bear is a rectangular bear after a coordinate transform.