Quote:
Originally Posted by SelfProtection
Don't forget that these images are trademarks/Copyright Images. So it should be made obvious somewhere on the final image that this was the intended Webwise startup page as opposed to any actual page.
|
I don’t think a criminal will have such scruples. On the warty edifice that is Webwise is one small phishing-protection wart, which is, unless Phorm are prepare to hand the whole task to a security company, almost certainly going to fall short. Webwise itself will provide one more social-engineering technique for would-be phishers. UK Internet users will start treating
page diversions to other sites as normal. What happens if a phishing website notices the presence of a Webwise cookie and serves up a page similar to that in the figure below.
I’m hoping the Webwise invitation page used in any trial will be served over a secure connection using the new EV SSL and will make it clear how customers can differentiate between a genuine Webwise page hi-jack and one that is a phishing page.
Fig.: How a phishing website might take advantage of Webwise’s use of interstitial pages.