funsec mailing list archives

Re: The solution to Phishing


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 25 Oct 2005 14:13:19 +1300

Craig Webster to Blanchard_Michael () emc com:

The banks should send out bogus messages just like a real phishing attack
and set up a bogus web site that looks just like their real one.  If a
customer logs into that site from the phishing e-mail, their internet
banking privileges are revoked for 30 days.  If it happens again, their
internet privileges are revoked completely.

Done and dusted... Kinda like darwinism with a second chance on life ;-)

Won't the victim be lulled into a false sense of security?
"Oh, if I enter my account details on the wrong site it's just a 30 day ban..."
*bam* no pennies left.

Nah -- that's just "faster Darwinism"...

Face it -- some people really are just too stupid to be allowed to do 
some things (Dubya, president; thousands involved in self-inflicted, 
non-deliberate gun injuries per year, gun ownership/access; persistent 
drunks, driving, etc, etc, etc).  We don't need a perfectly safe 
banking system -- we need a banking system that is "safe enough".

The _real problem_ (and the one that really bothers me) is how much is 
it costing me (in terms of extra %'age on my CC interest rate and/or 
extra %'age on my mortgage and/or in inflated monthly account charges 
or in reduced %'age interest on my savings, etc, etc) to support the 
current level of stupidity?

I mean, no-one here is gullible enough to believe that the banks 
actually _lose_ anything from all the identity fraud, etc we are 
(collectively) suffering, right?

So, how much is it costing _me_ to support the current level of idiot 
allowed to use the currently very weak online banking, sales, etc 
business?

I'd be much happier if I could easily find the comparative monetary 
cost of what is currently the banks, CC companies, etc deciding that 
current practice is (near enough to) "safe enough"...


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

