Slashdot Mirror


User: Apraxhren

Apraxhren's activity in the archive.

Stories: 0 · Comments: 29

Comments · 29

  1. Re:Thank God on Mozilla Firefox 1.5.0.4 Released · · Score: 1

    Lucky you, I can't even manually check for updates as it is grayed out. What is the point of that? Do I have to suck someone to get the update?

  2. Re:lives are at stake with leaks. on Reporter Phone Records Being Used to Find Leaks · · Score: 1

    Just a note, the Nixon enemies list is located at: http://en.wikipedia.org/wiki/Nixon's_Enemies_List Your original link didn't go directly to it.

  3. Re:The Power Of Attrition on People Suck at Spotting Phishing · · Score: 1

    Well, that only accounts for part of phishing emails. However, just like some people aren't as bright, or as educated in detecting fake emails, there are phishers who aren't as bright at disguising their fake email. Part of the problem is companies not bothering to make things easier for customers.

    For example, when I just logged into eBay a moment ago it directed me to a page with a contest where I could win $500! The link to enter looks like this:
    http://srx.main.ebayrtm.com/clk?%5Bmore junk]
    So one could go register ebayrts.com or something similar and send some fake emails saying you could win $500! and direct people to a fake log in page. Now a majority of people would probably be suspicious and not fall for it, but we know #1 eBay sends email to its members about promotions, #2 eBay doesn't always use the same domain name. One could follow the advice you lay out and still fall for the email.

    Example 2: How about PayPal, they send out an email when someone sends you money. Scammer sends email saying you just received $153.21. The link in the email is https://www.paypal.us/com/cgi-bin/webscr?cmd=_account where the real PayPal link is https://www.paypal.com/us/cgi-bin/webscr?cmd=_account. (Note Paypal.us is registered by someone in Poland and is currently used for ad squatting.) Once again you just have to fall for the simple URL and enter your account info. It's not so simple as hey look some 12.34.56.78 is asking me to enter my credit card info.

    Real life used examples from Millersmiles.uk, an archive of phishing emails.
    http://www.millersmiles.co.uk/report/2661
    http://www.millersmiles.co.uk/report/2681
    http://www.millersmiles.co.uk/report/2678

    Those examples are not going to work 100% of the time and still aren't undetectable but it just requires one lapse where you can easily fall victim. There seems to be a sort of apathy when it comes to actually educating people. Most shrug and say it's their own fault for being scammed while companies continue to provide scammers with more ways to fool people. There is a good paper on host naming and URL practices in PDF form at: http://www.ngssoftware.com/papers/NISR-BestPracticesInHostURLNaming.pdf
    I would imagine phishing schemes would be less effective with just a marginal effort of educating end users and following of sound practice by the company.
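
The host-versus-path confusion described in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it compares each link's hostname (never the path) against the domains a user would expect for the brand. The `EXPECTED` set, the function names and the `notebay.com` host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the one domain a customer would expect each brand to use.
EXPECTED = {"ebay.com", "paypal.com"}


def trusted_parent(url, expected=EXPECTED):
    """Return the expected domain the URL's host belongs to, or None.

    Only the hostname is examined. A brand name appearing in the path
    (as in paypal.us/com/...) or inside a longer label (ebayrtm.com)
    does not count as a match.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for domain in expected:
        # Exact match, or a true subdomain: the dot keeps "notebay.com" out.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


# Links quoted in the comment, plus its hypothetical look-alike domain.
SAMPLES = [
    "http://srx.main.ebayrtm.com/clk",                        # sent by the real site
    "http://ebayrts.com/clk",                                 # hypothetical look-alike
    "https://www.paypal.us/com/cgi-bin/webscr?cmd=_account",  # look-alike from the comment
    "https://www.paypal.com/us/cgi-bin/webscr?cmd=_account",  # real link
]


def report(urls=SAMPLES):
    """Pair each hostname with the expected domain it falls under (or None)."""
    return [(urlsplit(u).hostname, trusted_parent(u)) for u in urls]


if __name__ == "__main__":
    for host, parent in report():
        print(f"{host:28} -> {parent or 'NOT an expected domain'}")
```

Only the genuine paypal.com link passes. The promotion link the real site itself served fails exactly like the look-alikes do, which is the comment's point: a hostname check only helps users when the company keeps to one domain.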

  4. Re:No, you can't have a constitution on New York Attorney General Sues Spyware Company · · Score: 5, Informative

    IANAL but the Required Records Doctrine of the 5th amendment states
    While the privilege is applicable to one's papers and effects, it does not extend to corporate persons, hence corporate records, as has been noted, are subject to compelled production.
    See: http://www.law.cornell.edu/anncon/html/amdt5afrag7_user.html#amdt5a_hd28