Dear RIPE: Please don't encourage phishing

Sven Olaf Kamphuis sven at cb3rob.net
Sun Feb 12 13:22:06 CST 2012


btw, i'm quite sure that -banks- of all things have the resources to just 
take the transaction part for consumers -off their pcs- and simply send 
them a dedicated device with an ethernet port to do the transactions on.

the same way they do in shops.

no more bothering with "omg what if they click a link, get phished and end 
up in the transaction interface", as there simply won't be a web based 
transaction interface.

guess the "its not allowed to cost anything" mentality of banks towards 
the internet is mostly gone (About time too ;) so they could consider 
other options besides "using the hardware that's allready there and owned 
by the customer (and full of virusses and spyware ;)"

-- 
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
=========================================================================
Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
          D-13359                   Registration:    HRA 42834 B
          BERLIN                    Phone:           +31/(0)87-8747479
          Germany                   GSM:             +49/(0)152-26410799
RIPE:    CBSK1-RIPE                e-Mail:          sven at cb3rob.net
=========================================================================
<penpen> C3P0, der elektrische Westerwelle
http://www.facebook.com/cb3rob
=========================================================================

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.


On Sun, 12 Feb 2012, Rich Kulawiec wrote:

> On Sun, Feb 12, 2012 at 04:44:13AM -0500, Vinny Abello wrote:
>> All recent email clients I've come across give you anti-phishing
>> warnings in one way or another if the URL does not match the actual link.
>
> Which is great, but doesn't help you if the URL and the link are:
>
> 	http://firstnationalbank.example.com
>
> because a significant number of users will only see "firstnationalbank"
> and ".com".
>
> That's why I recommend that banks et.al. don't put *any* URLs in their
> messages.  If they make this an explicit policy and pound it into the
> heads of their customers that ANY message containing a URL is not from
> them, and that they should always use their bookmarks to get to the
> bank's site, then they're training their customers to be phish-resistant.
>
> ---rsk
>



More information about the NANOG mailing list