[ZOverLord]

ItÂ’s an online con that is growing fast and stealing tens of millions of dollars.

An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such “phishing” attacks exploit a universal weakness in online security: passwords.

To read the rest of the story and download this new utility please go here:

http://testing.onlytherightanswers.c...article&sid=15

[dumdum8684]

If people would use some common sense we wouldn't have to have programs like this...I mean paypal does say that if the url isn't https://www.paypal.com don't click it. Stupidity is 70% of the problem with security. The other 20% is computer illiteracy and the rest is Microsoft...

I mean I've clicked the AIM links before that are auto sent to you. I'm sure we've all done something like that. I'm talking the people that you clean their computer and then a week later they did the same thing because the wording was changed...Just my opinion

-Aaron

[Chankama]

You know the problem is not that "People are stupid".. They might just forget ..

I do a lot of transactions online.. And I am very careful in making sure that everything is ok. And I am not just talking about checking the url. I am somewhat of a security nut, so I don't mind.

But it is easy to conceive that someone else who do much more transactions than me, all day long, just simply "forget" to check or whatever. These guys are suspectable too.. :eek:

[uzi9mm]

But people do not understand the simple fact that companies are telling their customers:

"(insert company here) will never ask for you to send personal or financial information by,
in response to, or via a link in an e-mail."

[Chankama]

Well, but the thing people who do online transactions "do" enter certain passwords online. And for an active attacker it is quite possible for them to direct you to a "secure" site operated by the hacker.

You can type your bank's website hoping to do some transactions, but without you noticing you might get redirected to a shady website. You might get the cute padlock and everything, but unless you verify the certificate to ensure that it was for the company that you specified, you might be in some trouble ..

What I was getting at was that when u do so many transactions in a short time, sometimes u get "lazy" and forget to check each certificate manually.