Browsers, phishing, and user interface design
Scott Granneman, 2006-06-05

Phishing works for so many reasons that we need to rethink browser and user interface design to provide some real-life security to the average user, who doesn't see or understand the security cues.

Sure. Lots of ideas... 2006-06-05
Anonymous (2 replies)
Your First Statement Is Right 2006-06-06
Anonymous (1 replies)
Re: Your First Statement Is Right 2006-06-07
Anonymous (1 replies)
Re: Sure. Lots of ideas... 2006-06-24
Anonymous
Send them to AOL 2006-06-07
Anonymous
Browsers, phishing, and user interface design 2006-06-08
Anonymous
One thing we did, back in DOS days, to get the user to confirm a dangerous action was to change the confirm box.

In one system the user had to key in a word like "Y" or "YES" or "OK"; it changed randomly.

Another changed the order of the buttons, the text on them and the way the question was phrased. So sometimes it was an "Are you sure?", sometimes "OK to cancel?".

Still, I'd agree with many here: read mail in text, especially when previewing. Never click on a link to your banking service. Get the banks to introduce 2-factor login, e.g. password + secure ID tag.

Link to this comment: http://www.securityfocus.com/comments/columns/405/33711#33711
Stop babying people 2006-06-09
Anonymous
Wrong end to start patching 2006-06-12
Thomas Nilsen (1 replies)
Re: Wrong end to start patching 2006-06-12
Anonymous
Ingredients of possible solutions 2006-06-16
S. Lo Presti
Users ignore alert messages... 2006-06-20
Anonymous
simple: 2006-06-24
ailaG
Copyright 2009, SecurityFocus