- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Fri, 24 Aug 2007 07:02:37 -0400
- To: <public-wsc-wg@w3.org>
- Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
- Message-ID: <00c301c7e63e$4910ff40$6500a8c0@dschutzer>
I'd like to submit a new use case, shown below, that several of our members would like included. It looks for recommendations on how to educate customers who have fallen for a phishing email, and improve the type of response customers generally get today when they try to access a phishing site that has been taken down. I hope this is not too late for consideration. Use Case Frank regularly reads his email in the morning. This morning he receives an email that claims it is from his bank asking him to verify a recent transaction by clicking on the link embedded in the email. The link does not display the usual URL that he types to get to his bank's website, but it does have his bank's name in it. He clicks on the link and is directed to a phishing site. The phishing site has been shut down as a known fraudulent site, so when Frank clicks on the link he receives the generic Error 404: File Not Found page. Frank is not sure what has occurred. Destination site prior interaction, known organization Navigation none Intended interaction verification Actual interaction Was a phishing site that has been shut down Note Frank is likely to fall for a similar phishing email. Is there some way to educate Frank this time, so that he is less likely to fail for the phishing email again?
Received on Friday, 24 August 2007 11:03:08 UTC