Phishing & BotNets
explaining phishing to a naive user Jan 24 2007 05:43AM
Saeed Abu Nimeh (drellman hotmail com)
Hi All,
If I want to explain email phishing to a set of users (novice,
intermediate, and expert), can I summarize --let us say-- a list of 100
questions that a user answers gradually to find out whether an email is
phishing or not? Examples of questions I can think of:
- does the email contain HTML
- does the email contain JavaScript
- is there a mismatch between the URL displayed in the email and the
source link <a href>
- does the email contain misspellings
- does the email contain an open greeting (i.e. dear customer instead of
dear j smith), etc.
I was thinking of summarizing a couple of hundred questions (or less)
targeted to novice, intermediate and expert users. I have around 20
things in mind; however, I was hoping to get more.
P.S. Of course, answering one question by itself will not lead to the
conclusion that this email is phishing. For example: an email containing
HTML does not mean it is automatically phishing.
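
Added example, not part of the original post: a Python script that answers four of the questions listed above (HTML, JavaScript, displayed URL versus href, open greeting) for one raw message and returns the answers as separate flags rather than a verdict. The function names, the greeting word list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkAudit(HTMLParser):
    """Records <script> tags and (href, visible text) pairs."""
    def __init__(self):
        super().__init__()
        self.has_script, self.links, self._open = False, [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.has_script = True
        elif tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def host(url):
    url = url.strip()
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def checklist(raw):
    """Answer four of the post's questions for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    html = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_type() == "text/html")
    audit = LinkAudit()
    audit.feed(html)
    # Mismatch: visible link text looks like a URL but names another host.
    mismatch = any(re.match(r"\s*(https?://|www\.)", text, re.I)
                   and host(text) != host(href) for href, text in audit.links)
    # Greeting word list is an assumption made for this example.
    greeting = re.search(r"dear\s+(customer|user|member)\b", html, re.I)
    return {"contains_html": bool(html), "contains_javascript": audit.has_script,
            "url_mismatch": mismatch, "open_greeting": bool(greeting)}

# Constructed sample; example.com and example.net are reserved domains.
SAMPLE = """From: support@example.com
Content-Type: text/html

<p>Dear Customer,</p>
<a href="http://login.example.net/verify">http://www.example.com/login</a>
"""
```

Calling `checklist(SAMPLE)` returns one boolean per question, which keeps each answer visible on its own.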

