Re: Microsoft's Solution in

Re: Microsoft's Solution in http://www.dslreports.com/forum/r9086479 en Thu, 26 Nov 2009 16:03:59 EDT Thu, 26 Nov 2009 16:03:59 EDT Re: Microsoft's Solution http://www.dslreports.com/forum/remark,9087255 Morac :

said by Omega :
The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.

There's a very easy way to stop the real address from showing up in the status bar. Just add a NULL character (%00) after the %01 character in the URL. Then the fake URL will show in the status bar.

Or use scripting to obscure it.

Either way, looking at the status bar doesn't guarantee you're going to a real site.]]> http://www.dslreports.com/forum/remark,9087255 Thu, 15 Jan 2004 13:35:00 EDT Re: Microsoft's Solution http://www.dslreports.com/forum/remark,9087157 ParanoiaInc : True, but for those in a rush this is still a major problem when the fake links start infecting search engines.]]> http://www.dslreports.com/forum/remark,9087157 Thu, 15 Jan 2004 13:24:31 EDT Re: Microsoft's Solution http://www.dslreports.com/forum/remark,9086479 Omega : The way I do it is just look at the status bar at the bottom of IE. It shows you the true link.]]> http://www.dslreports.com/forum/remark,9086479 Thu, 15 Jan 2004 12:11:57 EDT Re: Microsoft's Solution http://www.dslreports.com/forum/remark,9085473 mastermind278 : My solution seems to be stop using IE, or let Mcafee catch it for me.
--
Mastermind 4 Life � � �

]]> http://www.dslreports.com/forum/remark,9085473 Thu, 15 Jan 2004 10:00:10 EDT Re: Microsoft's Solution http://www.dslreports.com/forum/remark,9085402 SpyderWoman : Talk about an "educate the user" problem!! Microsoft's recommendation begins with:
"Verify that there is a lock icon in the lower right Status bar and verify the name of the server that provides the page that you are viewing before you type any personal or sensitive information."

Well, it's already been demonstrated in our Security forum that the lock can be spoofed. So that's not a safe indicator. The Microsoft article goes on to say to then right click on the lock symbol and check the source of the digital signature. I'm not certain but what that couldn't be spoofed up or obfuscated enough to confuse most users.

Most of the people "falling" for these phishing expeditions do not have the knowledge available right here in this forum: they are trusting their email to be a "what you see is what you get" thing, and while you and I know it's not that way, they don't.

Does anyone really think that the general public is going to get that boned up on this stuff? Heck, 90% of them never heard the simple guideline: "most legitimate businesses won't even ask you to update over the internet via email" much less the stronger guideline "when in doubt, don't until after YOU VERIFY either by email or phone call, that the request is legitimate".]]> http://www.dslreports.com/forum/remark,9085402 Thu, 15 Jan 2004 09:50:10 EDT Microsoft's Solution http://www.dslreports.com/forum/remark,9085339 Morac : "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself." - »support.microsoft.com/default.as···];833786]]> http://www.dslreports.com/forum/remark,9085339 Thu, 15 Jan 2004 09:42:21 EDT