Monday, February 12, 2007

Something is smishing

Amidst the praise for the anti-phish potential of sequencing Cardspace authentication to OpenID SSO, perhaps we shouldn't forget this. Or this.

Separately, I've an idea for a new phish attack. Steps follow
  1. Write an article about phishing & identity theft etc.
  2. Give lots of statistics.
  3. Provide standard warnings about link clicking.
  4. Quote Bruce Schneier.
  5. Have somebody named 'Mike from Tulsa' bemoaning the loss of his identity.
  6. Provide an example of a phish email. For that example, have two links, one to a screen shot of the phished site, another prefaced with 'compared to the actual PayPal site (click here)'.
  7. Pay for search engine placement.
  8. Sit back.

No comments: