[Dshield] OT?: some stuff, a firewall won't catch

Johannes Ullrich jullrich at euclidian.com
Fri Nov 15 19:16:04 GMT 2002


First of all, this scam is common within AOL. This one is actually missing
the obligatory credit card entry field ;-/

> How do you catch that, except telling everybody over and over, not to
> click on links, to trust nobody and that the internet became a bad place
> to be?

Well, if you can, teach users not to use a non-https site to enter
sensitive passwords, and to use different passwords for different
sites. If the site uses https, make sure the URL is ok (there are
lots of tricks to make a URL look legit).

User education is probably the only way to fix this problem. You may
also send a note to the AOL abuse department to notify them.

(BTW: I sent an email to truepath.com... will call them if the site
doesn't go down soon... they have a 'Live Person' chat thing which
didn't work for me... no java :-/ )



-- 
--------------------------------------------------------------------
jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org