- From: Ian Fette <ifette@google.com>
- Date: Fri, 24 Aug 2007 08:25:37 -0700
- To: public-wsc-wg@w3.org
- Message-ID: <bbeaa26f0708240825q28642272iae7aa9cf5d2cf513@mail.gmail.com>

The problem is that it's difficult (perhaps impossible) to, in the browser, distinguish between "This was a phishing site and now it's gone" and "This is just a page that's not here". It's possible that the URL has made it on to a blacklist, in which case then the browser might have this information, but dead URLs are not always maintained on blacklists...

On 8/24/07, Timothy Hahn <hahnt@us.ibm.com> wrote:
>
> Dan,
>
> FWIW, I like the use case below. It points out an opportunity for
> educating people as they traverse to something that has been addressed (or
> so it appears) by "someone/thing out there". The current status-quo is that
> they receive an error that is indistinguishable from something they get if
> they, themselves, did something wrong (like mis-type a URL).
>
> Regards,
> Tim Hahn
> IBM Distinguished Engineer
>
> Internet: hahnt@us.ibm.com
> Internal: Timothy Hahn/Durham/IBM@IBMUS
> phone: 919.224.1565 tie-line: 8/687.1565
> fax: 919.224.2530
>
> From: "Dan Schutzer" <dan.schutzer@fstc.org>
> To: <public-wsc-wg@w3.org>
> Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
> Date: 08/24/2007 07:50 AM
> Subject: New Use Case for W3C WSC
> ------------------------------
>
> I'd like to submit a new use case, shown below, that several of our
> members would like included. It looks for recommendations on how to educate
> customers who have fallen for a phishing email, and improve the type of
> response customers generally get today when they try to access a phishing
> site that has been taken down. I hope this is not too late for
> consideration.
>
> *Use Case*
>
> Frank regularly reads his email in the morning. This morning he receives
> an email that claims it is from his bank asking him to verify a recent
> transaction by clicking on the link embedded in the email. The link does not
> display the usual URL that he types to get to his bank's website, but it
> does have his bank's name in it. He clicks on the link and is directed to a
> phishing site. The phishing site has been shut down as a known fraudulent
> site, so when Frank clicks on the link he receives the generic Error 404:
> File Not Found page. Frank is not sure what has occurred.
>
> *Destination site*
>
> prior interaction, known organization
>
> *Navigation*
>
> none
>
> *Intended interaction*
>
> verification
>
> *Actual interaction*
>
> Was a phishing site that has been shut down
>
> *Note*
>
> Frank is likely to fall for a similar phishing email. Is there some way to
> educate Frank this time, so that he is less likely to fall for the phishing
> email again?

Received on Friday, 24 August 2007 15:26:00 UTC