- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Fri, 31 Aug 2007 07:50:50 -0400
- To: <michael.mccormick@wellsfargo.com>, <ifette@google.com>, <public-wsc-wg@w3.org>
- Cc: <todd.inskeep@bankofamerica.com>, <dixonom@wellsfargo.com>, <rudolphm@wellsfargo.com>
- Message-ID: <012401c7ebc5$2e841040$6500a8c0@dschutzer>

I agree with Mike's comments

_____

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of michael.mccormick@wellsfargo.com
Sent: Thursday, August 30, 2007 5:56 PM
To: ifette@google.com; public-wsc-wg@w3.org
Cc: dan.schutzer@fstc.org; todd.inskeep@bankofamerica.com; dixonom@wellsfargo.com; rudolphm@wellsfargo.com
Subject: RE: New Use Case for W3C WSC

Indeed. But solution difficulty shouldn't be a factor in determining the validity of a use case or requirement.

Fwiw I don't think the problem is intractable. For instance, a list of takedown URLs could be maintained & published by appropriate law enforcement authorities, which browsers would consult to determine whether to display an educational page instead of the standard 403 error.

Mike

_____

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Ian Fette
Sent: Friday, August 24, 2007 10:26 AM
To: public-wsc-wg@w3.org
Subject: Re: New Use Case for W3C WSC

The problem is that it's difficult (perhaps impossible) to, in the browser, distinguish between "This was a phishing site and now it's gone" and "This is just a page that's not here". It's possible that the URL has made it on to a blacklist, in which case then the browser might have this information, but dead URLs are not always maintained on blacklists...

On 8/24/07, Timothy Hahn <hahnt@us.ibm.com> wrote:

Dan,

FWIW, I like the use case below. It points out an opportunity for educating people as they traverse to something that has been addressed (or so it appears) by "someone/thing out there". The current status-quo is that they receive an error that is indistinguishable from something they get if they, themselves, did something wrong (like mis-type a URL).

Regards,
Tim Hahn
IBM Distinguished Engineer
Internet: hahnt@us.ibm.com
Internal: Timothy Hahn/Durham/IBM@IBMUS
phone: 919.224.1565 tie-line: 8/687.1565 fax: 919.224.2530

From: "Dan Schutzer" <dan.schutzer@fstc.org>
To: <public-wsc-wg@w3.org>
Cc: "'Dan Schutzer'" <dan.schutzer@fstc.org>
Date: 08/24/2007 07:50 AM
Subject: New Use Case for W3C WSC

_____

I'd like to submit a new use case, shown below, that several of our members would like included. It looks for recommendations on how to educate customers who have fallen for a phishing email, and improve the type of response customers generally get today when they try to access a phishing site that has been taken down. I hope this is not too late for consideration.

Use Case

Frank regularly reads his email in the morning. This morning he receives an email that claims it is from his bank asking him to verify a recent transaction by clicking on the link embedded in the email. The link does not display the usual URL that he types to get to his bank's website, but it does have his bank's name in it. He clicks on the link and is directed to a phishing site. The phishing site has been shut down as a known fraudulent site, so when Frank clicks on the link he receives the generic Error 404: File Not Found page. Frank is not sure what has occurred.

Destination site: prior interaction, known organization
Navigation: none
Intended interaction: verification
Actual interaction: Was a phishing site that has been shut down
Note: Frank is likely to fall for a similar phishing email. Is there some way to educate Frank this time, so that he is less likely to fall for the phishing email again?

Received on Friday, 31 August 2007 11:51:24 UTC