In most cases , we had to present a more familiar error messages with the organization logo etc to delay victims escalation. More like having them "try again". That was an exercise btw!
On Mon, Mar 13, 2017 at 10:44 AM Michael Rasmussen <mich...@michaelsnet.us> wrote: > On 2017-03-08 09:53, Rich Shepard wrote: > > On Wed, 8 Mar 2017, Richard Owlett wrote: > > > >> Look carefully. Our local morning TV news (SouthWest Missouri) about a > >> scam that had a very good visual imitation of the legitimate site. > >> What > >> warned the possible victim was looking carefully at the displayed URL. > > > > I strongly doubt that a fake site would ask the same security > > questions > > and accept the answers when they are correct. Not quite the second > > layer > > security of sending a one-time numeric key to my cell phone, but close > > enough. > > A man in the middle or a man in the browser attack would ask the right > security questions. As soon as you provide the answers they'd put up > some fake error page and then bleed your account. > > > > -- > Michael Rasmussen, Portland Oregon > Be Appropriate && Follow Your Curiosity > _______________________________________________ > PLUG mailing list > PLUG@lists.pdxlinux.org > http://lists.pdxlinux.org/mailman/listinfo/plug > _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
