RE: New Use Case for W3C WSC from michael.mccormick@wellsfargo.com on 2007-08-30 (public-wsc-wg@w3.org from August 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Thu, 30 Aug 2007 16:51:26 -0500
To: <hahnt@us.ibm.com>, <public-wsc-wg@w3.org>
Message-ID: <9D471E876696BE4DA103E939AE64164D250F4E@msgswbmnmsp17.wellsfargo.com>

I like it too.  As do several large US financial institutions who
collaborated with Dan on it behind the scenes.  Thanks Dan!

  _____  

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of Timothy Hahn
Sent: Friday, August 24, 2007 7:33 AM
To: public-wsc-wg@w3.org
Subject: Re: New Use Case for W3C WSC

Dan, 

FWIW, I like the use case below.  It points out an opportunity for
educating people as they traverse to something that has been addressed
(or so it appears) by "someone/thing out there".  The current status-quo
is that they receive an error that is indistinguishable from something
they get if they, themselves, did something wrong (like mis-type a URL).

Regards, 
Tim Hahn
IBM Distinguished Engineer

Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565     tie-line: 8/687.1565
fax: 919.224.2530

From: 	"Dan Schutzer" <dan.schutzer@fstc.org> 
To: 	<public-wsc-wg@w3.org> 
Cc: 	"'Dan Schutzer'" <dan.schutzer@fstc.org> 
Date: 	08/24/2007 07:50 AM 
Subject: 	New Use Case for W3C WSC

  _____  

I'd like to submit a new use case, shown below, that several of our
members would like included. It looks for recommendations on how to
educate customers who have fallen for a phishing email, and improve the
type of response customers generally get today when they try to access a
phishing site that has been taken down. I hope this is not too late for
consideration. 

Use Case 

Frank regularly reads his email in the morning. This morning he receives
an email that claims it is from his bank asking him to verify a recent
transaction by clicking on the link embedded in the email. The link does
not display the usual URL that he types to get to his bank's website,
but it does have his bank's name in it. He clicks on the link and is
directed to a phishing site. The phishing site has been shut down as a
known fraudulent site, so when Frank clicks on the link he receives the
generic Error 404: File Not Found page. Frank is not sure what has
occurred. 
Destination site 

prior interaction, known organization 
Navigation 

none 
Intended interaction 

verification 
Actual interaction 

Was a phishing site that has been shut down 
Note 

Frank is likely to fall for a similar phishing email. Is there some way
to educate Frank this time, so that he is less likely to fail for the
phishing email again?

Received on Thursday, 30 August 2007 21:51:55 UTC