HJ wrote:
You will notice a swift towards e-mail phishing soon, because there's a lot of chatter about it already. Again, people use Mozilla features on their bank sites, like the password manager, and that makes your inbox even more interesting.
Mining useful data from email accounts is harder, and probably involves a human step, so is harder to automate. If phishers are reduced to trying to break into your email, we'll have won a significant victory.
Gerv
Please keep in mind that phishing attacks are also used for identity theft, something far more serious then a 'one time' credit card fraud.
I myself have been victim of such fraud; someone bought a brand new car in my name, but I got the invoice, but I was lucky because I was far far away for months, so it couldn't be me.
Neil, my best friend ever, was also victim of this; he bought a house in Germany (nearby Ramstein), which is not true, and he died in a car crash (as did his fiancee and their unborn child) on their way in to defend him.
So what exactly did we do wrong? Well, nothing. In fact I was fighting to stay alive and so was Neil. We didn't even log into some site, but they got a handle on our e-mail address and that's what made it possible. Yeah, I've learned a lot of phishing since, but I rather have my best friend back, but that's impossible :(
/HJ _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security