Re: New Use Case for W3C WSC from Timothy Hahn on 2007-08-24 (public-wsc-wg@w3.org from August 2007)

From: Timothy Hahn <hahnt@us.ibm.com>
Date: Fri, 24 Aug 2007 08:33:17 -0400
To: public-wsc-wg@w3.org
Message-ID: <OFCB79D138.776C865A-ON85257341.00446C6F-85257341.0044F3D2@us.ibm.com>

Dan,

FWIW, I like the use case below.  It points out an opportunity for 
educating people as they traverse to something that has been addressed (or 
so it appears) by "someone/thing out there".  The current status-quo is 
that they receive an error that is indistinguishable from something they 
get if they, themselves, did something wrong (like mis-type a URL).

Regards,
Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530




From:
"Dan Schutzer" <dan.schutzer@fstc.org>
To:
<public-wsc-wg@w3.org>
Cc:
"'Dan Schutzer'" <dan.schutzer@fstc.org>
Date:
08/24/2007 07:50 AM
Subject:
New Use Case for W3C WSC



I’d like to submit a new use case, shown below, that several of our 
members would like included. It looks for recommendations on how to 
educate customers who have fallen for a phishing email, and improve the 
type of response customers generally get today when they try to access a 
phishing site that has been taken down. I hope this is not too late for 
consideration.
Use Case
Frank regularly reads his email in the morning. This morning he receives 
an email that claims it is from his bank asking him to verify a recent 
transaction by clicking on the link embedded in the email. The link does 
not display the usual URL that he types to get to his bank’s website, but 
it does have his bank’s name in it. He clicks on the link and is directed 
to a phishing site. The phishing site has been shut down as a known 
fraudulent site, so when Frank clicks on the link he receives the generic 
Error 404: File Not Found page. Frank is not sure what has occurred.
Destination site 
prior interaction, known organization
Navigation 
none
Intended interaction 
verification
Actual interaction 
Was a phishing site that has been shut down
Note
 
Frank is likely to fall for a similar phishing email. Is there some way to 
educate Frank this time, so that he is less likely to fail for the 
phishing email again?

Received on Friday, 24 August 2007 14:57:30 UTC