Thursday, September 07, 2006

A clever trick you can't depend on any more 

How do you know you're really at your bank's web site when you type in your banking password? How do you know it's not a fake site set up by a crook to trick you into giving the crook your password?

One idea has always been to enter an incorrect password first. Only your bank can tell whether the password is real, so if you got an apparently successful login you would know you were on a fake site.

Unfortunately there's nothing to stop crooks from opening their own connection to your bank and sending along your password to see if it works. Even more unfortunately, they're already doing it, according to antivirus firm F-Secure. They found a real-life PayPal impersonation that required a genuine password.
