Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [HV-PAPER] Anti-Phishing Tips You Should Not Follow

From: michaelslists () gmail com
Date: Fri, 31 Mar 2006 17:52:38 +1100
"
Tip #2: Invalid credentials work on impersonated websites.

If you feel there is something wrong with a website, use invalid
username and invalid password to log in. If the website then presents
you with the "Logon failed" page, you are possibly on a legitimate
website, so you may proceed with logging in using your correct
credentials. If it gets you right through - it is definitely a
phishing attempt.
"

argghh!!!!

-- Michael


On 3/31/06, vuln () hexview com <vuln () hexview com> wrote:


Every other online banking website features a long page on how
not to be a phishing victim. Good? Usually not. Many of those
web pages contain misleading tips and incorrect statements.

Read more: Phishing Tips Debunked

http://www.hexview.com/sdp/node/24

(Show this article to your computer-illiterate spouse to confuse
him/her even more :)



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFELM4HDPV1+KQrDqQRAtY7AJ9dS+3Mh2mXcxBwGua83FOEny8f5QCgoABh
IlKx99gnjcq4q+qrJengp0M=
=wDFW
-----END PGP SIGNATURE-----


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: