[Geeks are Sexy] technology news

Tuesday, February 06, 2007

Study - Surfers Ignore Common Security Cues on Banking Sites

A new study paints a distressing picture of how easy it is to trick people into signing onto a fake web site and surrendering personal information. It's pretty hard to believe that in 2007, with all the media coverage that the subject has received in the past year, people are still falling prey to phishing attacks. Maybe online banking institutions should start thinking like PayPal and implement a mandatory two-factor authentication scheme on their sites.

Password protection has its limitations, especially when it comes to things like online banking. That's why millions of phishing attempts are made every day—it's relatively easy to craft realistic-looking web pages that convince users to divulge passwords and other personal details. Financial institutions are well aware of this and as a result, have come up with additional authentication measures for their customers. A new study conducted by researchers from MIT and Harvard casts doubts on the efficacy of such measures.



  • Well, I already told Kiltak this, but in case anyone wants to see...
    PNC Bank has you put in your username on one page, then the next page it shows you a photo from its gallery. You selected the photo previously, so you know which photo is yours. Under the photo is your caption of choice. You entered this, so a phisher wouldn't know what your caption is. At the bottom, you put in your password after you've checked that the other bits are right. Finally, it asks if this is your regular computer or a public computer, because it will remember computers you use a lot, but if someone's logging on from somewhere unusual, they'll pay attention just like if a whole lot of credit card charges were made from different places, to be sure someone's not pretending to be you.

    Also, if you get an eBay email, mouse over the links and see where they go. If it has an IP address in hex with a /ebayISAPI.dll, don't click it. I just found that one the other day. Mail comes through a Chinese mailserver and the .dll is in Mexico, you log in and your username/password get sent to the phisher.

    By Blogger Mackenzie, at 3:47 PM  
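
The link check described in the comment above, as an added example (not part of the original post or comment): it pulls the `href` targets out of a message body and flags any whose host is a bare IPv4 address, including the hex and single-integer spellings that hide the address from a casual mouse-over. The function names, the sample message and the 192.0.2.1 documentation address are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# One part of an inet_aton-style IPv4 literal: hex, octal, or decimal.
_PART = re.compile(r"0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*", re.I)

def parse_ip_literal(host):
    """Return the dotted-quad form if host is an IPv4 literal in any
    inet_aton-style spelling (1 to 4 parts, hex/octal/decimal), else None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16) if p.lower().startswith("0x")
            else int(p, 8) if len(p) > 1 and p.startswith("0")
            else int(p) for p in parts]
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

class _Links(HTMLParser):
    """Collects the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def flag_links(html, suspicious_suffix="/ebayisapi.dll"):
    """Return (href, dotted_ip, path_matches) for links whose host is an IP literal."""
    parser = _Links()
    parser.feed(html)
    flagged = []
    for href in parser.hrefs:
        url = urlsplit(href)
        ip = parse_ip_literal(url.hostname or "")
        if ip:
            flagged.append((href, ip, url.path.lower().endswith(suspicious_suffix)))
    return flagged

# Constructed sample message body; 0xc0000201 is 192.0.2.1 (documentation range).
SAMPLE = '''<p>Dear member, please <a href="http://0xc0000201/ebayISAPI.dll?SignIn">sign in</a>
or visit <a href="https://www.ebay.com/help">help</a>.</p>'''

if __name__ == "__main__":
    for hit in flag_links(SAMPLE):
        print(hit)
```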
