[Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should Not Follow
nick at virus-l.demon.co.uk
Sun Apr 2 00:15:18 BST 2006
Marcos Agüero to Michal Zalewski:
> > Note to self: design my next phishing website to always display "logon
> > failed".
The phishmongers are well ahead of you there...
> Just as most of the phishing sites already do.
Admittedly I don't poke bogus credentials into every phishing site I
see, but I do prod a lot of them and of late the only thing I've seen
"fail" is a few sites doing Luhn checks on supplied CC #s and asking
you to more carefully re-enter the number.
The "iniitial fail" tactic was quite a popular a while back, but I
don't recall having seen it at all lately...
Full-Disclosure is hosted and sponsored by Secunia.