RE: FW: Need some help: IDEAS, Inc.

["Hannigan, Martin" <hannigan () verisign com>]

> > > this is NOT a good solution, since a successful phish attack
> > > in this case
> > > would look exactly like the official red cross web site.
> >
> > How's that one work?
>
> One form of DirectNIC's redirection, which the phisher was 
> supposedly using
> (I didn't check myself), uses a <FRAMESET> to hide the 
> redirect inside a
> frame, thereby not showing the real address in the browser 
> without deeper
> inspection.

Understood. If it's being pointed at redcross.org, a known
good guy site, that wouldn't be a problem, would it? It seems
that if the scammer is removed from the operation, it's not really
a problem anymore. 

I'm interested because I think there could be value in a page(s)
on an SP that says "This site terminated due to fraudulent activity"
and pointers to how to not be sucked into these things. 

> Personally, I'd prefer registrar lock myself, as that keeps 
> the distinction
> between scam and non-scam clear. 

Registrar lock is preferred on my part. The redirect idea was
creative. 


-M<