Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow

From: michaelslists@xxxxxxxxx
Date: Fri, 31 Mar 2006 17:52:38 +1100

"
Tip #2: Invalid credentials work on impersonated websites.

If you feel there is something wrong with a website, use invalid
username and invalid password to log in. If the website then presents
you with the "Logon failed" page, you are possibly on a legitimate
website, so you may proceed with logging in using your correct
credentials. If it gets you right through - it is definitely a
phishing attempt.
"

argghh!!!!

-- Michael

On 3/31/06, vuln@xxxxxxxxxxx <vuln@xxxxxxxxxxx> wrote:

Every other online banking website features a long page on how
not to be a phishing victim. Good? Usually not. Many of those
web pages contain misleading tips and incorrect statements.

Read more: Phishing Tips Debunked

http://www.hexview.com/sdp/node/24

(Show this article to your computer-illiterate spouse to confuse
him/her even more :)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFELM4HDPV1+KQrDqQRAtY7AJ9dS+3Mh2mXcxBwGua83FOEny8f5QCgoABh
IlKx99gnjcq4q+qrJengp0M=
=wDFW
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
  - From: Michal Zalewski

References:
- [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
  - From: vuln

Prev by Date: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
Next by Date: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
Previous by thread: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
Next by thread: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
Index(es):
- Date
- Thread

Relevant Pages

Re: Mouse cursor in OS2 full-screen sessions - new build of mouse.sys
... Ouch. ... My website address used to work and didn't have any munging or email ... check out that driver. ... Walt (To email, remove .invalid from address, or visit ...
(comp.os.os2.programmer.misc)
Re: Recent files
... FrontPage Resources, WebCircle, MS KB Quick Links, etc. ... "Donna in Idaho (remove invalid)" wrote in message ... > I worked through some of the FP2003 tutorials on the MS website. ...
(microsoft.public.frontpage.client)
Re: Is it me....
... >But all I get is an error message saying the website address is invalid. ... Pete's website has been down for a while. ...
(uk.tech.rocketry)
Re: Mouse cursor in OS2 full-screen sessions - new build of mouse.sys
... I tried to send you the driver to the address listed on your website but I always get the message that it is invalid ... ... Nospam05j@xxxxxxxxxxxxxxxxxxxxxxxxxxxx schrieb: ...
(comp.os.os2.programmer.misc)
RE: Discovering and Stopping Phishing/Scam Attacks
... I received a phishing scam email for RBC Bank literally moments ago. ... I agree that checking by referer addresses is a powerful way to detect ... I recently came a website located on a hosting ...
(Incidents)