New Phishing Trick
Although I think I’ve seen the trick before:
Phishing schemes are all about deception, and recently some clever phishers have added a new layer of subterfuge called the secure phish. It uses the padlock icon indicating that your browser has established a secure connection to a Web site to lull you into a false sense of security. According to Internet security company SurfControl, phishers have begun to outfit their counterfeit sites with self-generated Secure Sockets Layer certificates. To distinguish an imposter from the genuine article, you should carefully scan the security certificate prompt for a reference to either “a self-issued certificate” or “an unknown certificate authority.”
Yeah, like anyone is going to do that.
Woo • December 1, 2005 8:23 AM
Using the padlock icon for phishing was to be expected. Enough security pages are out there telling people to “watch out for the padlock symbol to make sure you’re surfing securely.” What makes me wonder is that phishers have only now started making use of that icon.
Certificates are worthless anyway, at least in preventing fraud. Verisign et al. will issue any certificate to any person who pays their fees. They don’t check the site for lawfulness.
There simply is no better advice against phishing than getting people to think twice before entering their personal data into official-looking websites. Getting them to think about what might cause eBay/PayPal/$Bank to demand their login data.
Somehow I think the customers should be held liable for any fraud arising from login data being entered into phishing sites. Some just won’t learn unless they have to pay. Why should the companies pay for the dumbness of their customers?