Viewing Thread:
"Phishing: People are stupid, security is inadequate and we are all doomed."

Fri 23/06/06 at 15:55
Regular
"black + blue"
Posts: 15
Phishing: People are stupid, security is inadequate and we are all doomed.

Phishing?
Internet criminals sending you sneaky e-mails that look like they are from your bank (or other trusted organisation), in order to fool you into giving over your account details and passwords on fraudulent websites.

But surely fraudulent emails are obvious, they're full of nonsense and spelling mistakes.
Not anymore, the phish are getting very slippery. This type of fraud is increasingly sophisticated in its methods, and the spelling is worryingly good. The most astonishing thing to be uncovered by research on phishing is how easy it is to fool people. We are all stupid, trawling the internet in a state of blissful witlessness, believing everything we are told and giving out our credit card details with joyful abandon.

No way. You'd have to be a blind 90-year old to fall for such badly faked e-mails and websites.
Seemingly not. A new study (Why Phishing Works, Dhamija, Tygar and Hearst) reckons it's worse than we thought and nobody's safe. Many users rely on the overall feel of a site or e-mail, based on content alone, to decide whether it is genuine, and a good number of people are entirely unaware of the risks of phishing. As a result, many cannot distinguish a genuine site from a spoofed one. To make matters worse, Phish are refining their evil techniques, and even technically aware and security conscious users are vulnerable. According to the study, a staggering 90% of participants were taken in by good phishing websites. Successful methods ranged from the basic (.jpg images of padlocks on dodgy sites when the browser does not display a genuine secure padlock) to the brilliantly devious (URLs that replace the original site address 'w' with two 'v' characters) that made the fakes very hard to spot.

Well we can't help being stupid, but at least we can protect ourselves with decent security measures, can't we?
No, existing security is rubbish. A substantial number of users never look at the address bar or status bar, and are oblivious to security indicators, because they fall outside the focus of attention. Current browser security is stupidly and disastrously flawed. The browser tells us when we can trust a site, but not when we can't. It just sits and watches us getting well and truly phished if we happen to stray onto an unsafe site. The only sign that a site might be suspicious is an absence of positive indicators, which we seldom notice when they are present, and are not accustomed to checking. We just click away like happy morons. The lesson here is to be aware and actually check the site URL (and preferably type it in yourself rather than click links from dubious e-mails) and check that supposedly secure pages actually have a valid security certificate (click the padlock icon on your browser's frame) before handing over your credit card details!

So what hope is there?
Believe it or not, it could get worse unless we're careful. Apparently, the phishing is getting so good, it won't be long before we are getting malicious spam under the guise of a friendly email from our chums, apparently from their email addresses. How frightening. The Anti-Phishing Working Group recommends that any e-mail requesting personal or financial information be treated as suspicious, regardless of who it is from, particularly if it is not specifically addressed to you. Don't use the links in an email to get to a web page, load the site by typing the address into your browser, and always check that the links are taking you to a recognised site. Only give sensitive information on a secure server (always check that the browser is correctly displaying the padlock icon), and stay paranoid.

Well, that's cheered me up.
You will thank me one day.
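
Added example, not part of the original post: a small Python check for the look-alike URL trick ('vv' standing in for 'w') and the "recognised site" and padlock advice described above. The allowlist, the `examplebank` host names and every substitution pair other than 'vv' for 'w' are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user really has accounts with.
TRUSTED_HOSTS = {"www.examplebank.co.uk", "examplebank.co.uk"}

# Look-alike substitutions. 'vv' for 'w' is the trick the post describes;
# the other pairs are assumptions added for illustration.
CONFUSABLES = [("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l")]


def skeleton(host):
    """Collapse look-alike sequences so visually similar hosts compare equal."""
    host = host.lower().rstrip(".")
    for fake, real in CONFUSABLES:
        host = host.replace(fake, real)
    return host


def check_link(url, trusted=TRUSTED_HOSTS):
    """Classify a link as 'trusted', 'insecure', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host in trusted:
        # Right site, but only https gets the browser's genuine padlock.
        return "trusted" if parts.scheme == "https" else "insecure"
    if skeleton(host) in {skeleton(t) for t in trusted}:
        # Not the real host, yet it reads like one at a glance.
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an e-mail.
    samples = [
        "https://www.examplebank.co.uk/login",
        "http://www.examplebank.co.uk/login",
        "https://vvvvvv.examplebank.co.uk/login",
        "https://www.examp1ebank.co.uk/login",
        "https://news.example.org/",
    ]
    for url in samples:
        print(f"{check_link(url):10} {url}")
```
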
Sat 24/06/06 at 14:43
Regular
Posts: 224
It's not going to change, get used to it.
Sat 24/06/06 at 14:41
Regular
"sh"
Posts: 62
I'm just saying the word/name "hacker" has been pooped upon by the media, and you all have taken it in.
Sat 24/06/06 at 14:40
Regular
Posts: 224
However the non tech people will see it all as the same thing.
Sat 24/06/06 at 14:35
Regular
"sh"
Posts: 62
Cruciatum Fixative wrote:
> Same difference...


Different, as the true "hacker" is someone who is an amazing coder, spends their time pushing their own systems to the limit, believes in open source (Linux, Firefox, PHPfusion etc.) and all knowledge given to all men.
Sat 24/06/06 at 11:22
Regular
"Mooching around"
Posts: 4,248
Same difference...
Sat 24/06/06 at 09:46
Regular
"sh"
Posts: 62
Cruciatum Fixative wrote:
> Well, me mother the other day had her account hacked, and lost
> £1200 whilst this is near irrelevant to this thread, it
> runs under the basic lines...


Not a hack,

If they gained access by getting her password, it is a "crack" or "criminal hack"

but not "hacked"
Fri 23/06/06 at 23:47
Regular
"Mooching around"
Posts: 4,248
Well, me mother the other day had her account hacked, and lost £1200 whilst this is near irrelevant to this thread, it runs under the basic lines...
Fri 23/06/06 at 23:41
Regular
"..."
Posts: 9,808
Whilst that was a good quality, informative post, Phishing is relatively old news and any internet user, except those who have been hiding under a rock or something, got wise to it years ago...
Fri 23/06/06 at 16:07
Regular
"lets go back"
Posts: 2,661
I think I'd be able to spot a fake site, or at least I hope I would. I don't want to sound too cocky or I'll jinx myself.