nanog mailing list archives

Re: Dear RIPE: Please don't encourage phishing


From: Sven Olaf Kamphuis <sven () cb3rob net>
Date: Sun, 12 Feb 2012 19:22:06 +0000 (UTC)

Btw, I'm quite sure that -banks- of all things have the resources to just take the transaction part for consumers -off their PCs- and simply send them a dedicated device with an Ethernet port to do the transactions on.

The same way they do in shops.

No more bothering with "omg, what if they click a link, get phished and end up in the transaction interface", as there simply won't be a web-based transaction interface.

Guess the "it's not allowed to cost anything" mentality of banks towards the internet is mostly gone (about time too ;) so they could consider other options besides "using the hardware that's already there and owned by the customer (and full of viruses and spyware ;)".

--
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
=========================================================================
Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
         D-13359                   Registration:    HRA 42834 B
         BERLIN                    Phone:           +31/(0)87-8747479
         Germany                   GSM:             +49/(0)152-26410799
RIPE:    CBSK1-RIPE                e-Mail:          sven () cb3rob net
=========================================================================
<penpen> C3P0, the electric Westerwelle
http://www.facebook.com/cb3rob
=========================================================================

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.


On Sun, 12 Feb 2012, Rich Kulawiec wrote:

> On Sun, Feb 12, 2012 at 04:44:13AM -0500, Vinny Abello wrote:
>> All recent email clients I've come across give you anti-phishing
>> warnings in one way or another if the URL does not match the actual link.
>
> Which is great, but doesn't help you if the URL and the link are:
>
>         http://firstnationalbank.example.com
>
> because a significant number of users will only see "firstnationalbank"
> and ".com".
>
> That's why I recommend that banks et al. don't put *any* URLs in their
> messages.  If they make this an explicit policy and pound it into the
> heads of their customers that ANY message containing a URL is not from
> them, and that they should always use their bookmarks to get to the
> bank's site, then they're training their customers to be phish-resistant.
>
> ---rsk
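
The point Rich makes above, worked through in code as an added example (this is not code from any of the posters in this thread): the text-versus-href mismatch warning that mail clients implement is satisfied by a link whose visible text is identical to its href, so `http://firstnationalbank.example.com` sails through it even though the registrable domain is `example.com`, not the bank's. The sample HTML is constructed for the example, the bank's real domain is assumed to be `firstnationalbank.com` (the thread only names the look-alike host), and the "last two labels" rule for the registrable domain is a deliberate simplification; production code needs the Public Suffix List to handle suffixes like `co.uk`. The last function encodes the policy Rich recommends: any URL at all in the message means it is treated as not from the bank.

```python
"""Subdomain phishing vs. the text/href mismatch check mail clients perform.

Added example for this thread; not code from the original posts.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body (not a real phishing email).
# Link 1: text == href, so no client warning, but the host is a subdomain of example.com.
# Link 2: text and href differ, which is the case the client warning does catch.
SAMPLE_HTML = """
<p>Please verify your account at
<a href="http://firstnationalbank.example.com">http://firstnationalbank.example.com</a>
or see <a href="http://evil.example.net/login">https://www.firstnationalbank.com</a>.</p>
"""

# Assumption: the bank's real registrable domain (the thread does not state it).
BANK_DOMAIN = "firstnationalbank.com"


class _Anchors(HTMLParser):
    """Collect (href, visible_text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    """Return all (href, visible_text) pairs in an HTML message body."""
    parser = _Anchors()
    parser.feed(html)
    return parser.links


def text_href_mismatch(href, text):
    """The check mail clients do: visible text is a URL whose host differs from the href's host."""
    if not text.startswith(("http://", "https://")):
        return False
    return urlsplit(text).hostname != urlsplit(href).hostname


def registrable_domain(host):
    """Simplified eTLD+1: last two labels. Assumption for this example only;
    real code must consult the Public Suffix List (e.g. bank.co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess(href, text, expected_domain=BANK_DOMAIN):
    """Compare what the client warning sees with what actually matters: the registrable domain."""
    host = urlsplit(href).hostname or ""
    brand_label = expected_domain.split(".")[0]
    return {
        "client_warning": text_href_mismatch(href, text),
        "brand_label_present": brand_label in host.split("."),
        "registrable_domain": registrable_domain(host),
        "is_bank": registrable_domain(host) == expected_domain,
    }


def policy_says_not_from_bank(html):
    """Rich's rule: a bank that never sends URLs lets customers reject any message containing one."""
    return len(extract_links(html)) > 0 or "http://" in html or "https://" in html


if __name__ == "__main__":
    for href, text in extract_links(SAMPLE_HTML):
        print(href, "->", assess(href, text))
    print("treat as not from bank:", policy_says_not_from_bank(SAMPLE_HTML))
```

Running the block shows the first link passing the client check (`client_warning` False, `brand_label_present` True) while `is_bank` is False because the registrable domain is `example.com`; only the second, text-differs-from-href link triggers the warning. Under the no-URLs policy both messages are rejected without any domain parsing at all.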
