Re: New Use Case for W3C WSC

The problem is that it's difficult (perhaps impossible) to, in the browser,
distinguish between "This was a phishing site and now it's gone" and "This
is just a page that's not here". It's possible that the URL has made it on
to a blacklist, in which case then the browser might have this information,
but dead URLs are not always maintained on blacklists...

On 8/24/07, Timothy Hahn <hahnt@us.ibm.com> wrote:
>
>
> Dan,
>
> FWIW, I like the use case below.  It points out an opportunity for
> educating people as they traverse to something that has been addressed (or
> so it appears) by "someone/thing out there".  The current status-quo is that
> they receive an error that is indistinguishable from something they get if
> they, themselves, did something wrong (like mis-type a URL).
>
> Regards,
> Tim Hahn
> IBM Distinguished Engineer
>
> Internet: hahnt@us.ibm.com
> Internal: Timothy Hahn/Durham/IBM@IBMUS
> phone: 919.224.1565     tie-line: 8/687.1565
> fax: 919.224.2530
>
>
>
> From: "Dan Schutzer" <dan.schutzer@fstc.org>
> To: <public-wsc-wg@w3.org>
> Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
> Date: 08/24/2007 07:50 AM
> Subject: New Use Case for W3C WSC
> ------------------------------
>
>
>
> I'd like to submit a new use case, shown below, that several of our
> members would like included. It looks for recommendations on how to educate
> customers who have fallen for a phishing email, and improve the type of
> response customers generally get today when they try to access a phishing
> site that has been taken down. I hope this is not too late for
> consideration.
>
> *Use Case*
>
> Frank regularly reads his email in the morning. This morning he receives
> an email that claims it is from his bank asking him to verify a recent
> transaction by clicking on the link embedded in the email. The link does not
> display the usual URL that he types to get to his bank's website, but it
> does have his bank's name in it. He clicks on the link and is directed to a
> phishing site. The phishing site has been shut down as a known fraudulent
> site, so when Frank clicks on the link he receives the generic Error 404:
> File Not Found page. Frank is not sure what has occurred.
>
> *Destination site*
>
> prior interaction, known organization
>
> *Navigation*
>
> none
>
> *Intended interaction*
>
> verification
>
> *Actual interaction*
>
> Was a phishing site that has been shut down
>
> *Note*
>
> Frank is likely to fall for a similar phishing email. Is there some way to
> educate Frank this time, so that he is less likely to fall for the phishing
> email again?
>
>
>

Received on Friday, 24 August 2007 15:26:00 UTC