RE: The solution to Phishing

[Blanchard_Michael () emc com]

 ok, if they fall for the scam, no 30 day "slap on the wrist period",
instant internet banking shut off for them :-)

  I'm sure most people know, I WAS kidding in that message :-)


Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, MCSE, MCP+I 
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
email:  Blanchard_Michael () EMC COM 

-----Original Message-----
From: Craig Webster [mailto:craig () xeriom net] 
Sent: Monday, October 24, 2005 3:56 PM
To: Blanchard, Michael (InfoSec)
Cc: funsec () linuxbox org
Subject: Re: [funsec] The solution to Phishing

On 24 Oct 2005, at 20:46, Blanchard_Michael () emc com wrote:

>  The banks should send out bogus messages just like a real phishing  
> attack
> and set up a bogus web site that looks just like their real one.  If a
> customer logs into that site from the phishing e-mail, their internet
> banking privledges are revoked for 30 days.  If it happens again,  
> their
> internet privledges are revoked completely.
>
>   Done and dusted... Kinda like darwinism with a second chance on  
> life ;-)

Won't the victim be lulled into a false sense of security?
"Oh, if I enter my account details on the wrong site it's just a 30  
day ban..."
*bam* no pennies left.

Yours,
Craig
--
Craig Webster | t: +44 (0)131 516 8595 | e: craig () xeriom net
Xeriom.NET    | f: +44 (0)709 287 1902 | w: http://xeriom.net


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.