Thursday, May 3, 2007

Phishes and loathes...

This post by Pascal Meunier over at CERIAS is well worth reading if you use a Visa credit card to make purchases online and the vendor uses the "Verified by Visa" program. The basic problem is that Visa's program presents itself like more of a phishing attempt than a legitimate fraud prevention tool. Worse than that, I think, is the fundamental implementation problems that Pascal notes in the update at the bottom of the article. Does anyone even test this stuff?

On the subject of phishing, it seems that banks and credit card companies still don't get it. I can find countless examples of unexpected emails from my banks that, from what I can tell are completely legitimate, but are full of "click here" and "login" links - the kinds that train the not-so-careful users to fall for phishing attacks in the first place. Maybe it's time I jumped on the ASCII ribbon campaign..

No comments: