On 04/23/2012 06:40 AM, Jason Haar wrote:
> OT but related
>
> I just got a bunch of phishing attacks against a bank come through.
> Following the link leads me to some owned website with the fake bank
> frontend - and it had a feature that I've seen time and time again:
> images and links from the real bank site
>
> Why don't banks rub two braincells together and start monitoring the
> referrers on their primary webpages (eg logos, terms and conditions) and
> return a "RUN AWAY!!! IT'S A TRAP!!!" page whenever someone views the
> phishing sites? The Referrer header would allow that instantly
>
> They really don't give a damn do they...
Seems OK for existing clients who type the domain manually (or via a bookmark). However, newly visiting clients might find the link via a search engine, or (say) a site that contains a ranked list of the banks. In the latter case, the referrer's domain name will not be that of the bank, and will likely trigger a false positive. Boils down to risk management -- money to lose by being a victim, versus that of turning new customers away due to the false positives.

--
Regards,
Mahmoud Khonji
PGP Key: 0x92584ECA
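A sketch of the Referer check the two posts argue about, as an added example that is not from either poster. It only inspects fetches of assets a phishing kit would hotlink from the real site, treats an absent Referer and known referring sites (the bank itself, search engines, and a constructed "ranking site" standing in for the false-positive case in the reply above) as benign, logs unknown third parties for review instead of blocking them, and serves the warning page only for hosts an analyst has already confirmed. All host names, paths and access-log lines are constructed for the example.

```python
import re
from urllib.parse import urlparse

# All names below are constructed for this example; none is a real bank or site.
BANK_HOSTS = {"bank.example", "www.bank.example"}
# Referrers that legitimate first-time visitors arrive from (search engines, a
# comparison/ranking site). Treating these as phishing indicators would be a
# false positive, which is the objection raised in the reply above.
TRUSTED_REFERRER_HOSTS = {"www.google.com", "duckduckgo.com", "bankranking.example"}
# Hosts an analyst has already confirmed as phishing; only these get the warning.
CONFIRMED_PHISHING_HOSTS = {"owned-site.example"}
# Assets a phishing kit typically hotlinks from the real site. A plain link to
# "/" from a third-party page is not hotlinking and is ignored.
MONITORED_ASSETS = {"/img/logo.png", "/css/site.css", "/terms.html"}


def referrer_host(referer):
    """Lower-cased host of a Referer URL; '' if unparsable, None if absent."""
    if not referer:
        return None
    try:
        host = urlparse(referer).hostname
    except ValueError:
        return ""
    return (host or "").lower()


def classify(path, referer):
    """Decide what to do with one request: 'ok', 'review' or 'warn'.

    Exact host matching is deliberate: 'www.bank.example.evil.example' must not
    match BANK_HOSTS, so no startswith/endswith shortcuts.
    """
    if path not in MONITORED_ASSETS:
        return "ok"
    host = referrer_host(referer)
    if host is None:
        # Typed URL, bookmark, or Referrer-Policy/privacy tooling stripped the
        # header. It is absent, not wrong, so there is nothing to act on.
        return "ok"
    if host in BANK_HOSTS or host in TRUSTED_REFERRER_HOSTS:
        return "ok"
    if host in CONFIRMED_PHISHING_HOSTS:
        return "warn"      # serve the warning page instead of the asset
    return "review"        # unknown third party: log it, do not block it


# Combined log format: request line, status, size, then the quoted Referer.
LOG_RE = re.compile(
    r'"(?:GET|HEAD) (?P<path>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<ref>[^"]*)"'
)


def scan_log(lines):
    """Run classify() over access-log lines; return the non-'ok' findings."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        ref = "" if m.group("ref") == "-" else m.group("ref")
        verdict = classify(path, ref)
        if verdict != "ok":
            findings.append((verdict, referrer_host(ref), path))
    return findings


# Constructed access-log lines, one per case the policy distinguishes.
SAMPLE_LOG = [
    '198.51.100.1 - - [23/Apr/2012:06:40:00 +1200] "GET /img/logo.png HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [23/Apr/2012:06:40:01 +1200] "GET /img/logo.png HTTP/1.1" 200 1234 "https://www.bank.example/login" "Mozilla/5.0"',
    '198.51.100.3 - - [23/Apr/2012:06:40:02 +1200] "GET /img/logo.png HTTP/1.1" 200 1234 "https://bankranking.example/top10" "Mozilla/5.0"',
    '198.51.100.4 - - [23/Apr/2012:06:40:03 +1200] "GET /img/logo.png HTTP/1.1" 200 1234 "http://owned-site.example/login.php" "Mozilla/5.0"',
    '198.51.100.5 - - [23/Apr/2012:06:40:04 +1200] "GET /css/site.css HTTP/1.1" 200 987 "http://unknown-blog.example/post" "Mozilla/5.0"',
    '198.51.100.6 - - [23/Apr/2012:06:40:05 +1200] "GET / HTTP/1.1" 200 5678 "http://owned-site.example/login.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, host, path in scan_log(SAMPLE_LOG):
        print(f"{verdict:6} {host:25} {path}")
```

Two caveats a deployment would need. The header the browser actually sends is spelled `Referer`, and it is supplied by the victim's browser, not the phishing server: it can be absent under a restrictive Referrer-Policy or privacy tooling, so an empty value proves nothing, and it can be forged by an attacker who controls the client. That is why the unknown-host case above goes to a review queue rather than straight to a warning page, and why only analyst-confirmed hosts trigger the response the first post asks for.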