Quote:
Originally Posted by Phormic Acid
I don’t think a criminal will have such scruples. On the warty edifice that is Webwise is one small phishing-protection wart, which is, unless Phorm are prepare to hand the whole task to a security company, almost certainly going to fall short. Webwise itself will provide one more social-engineering technique for would-be phishers. UK Internet users will start treating page diversions to other sites as normal. What happens if a phishing website notices the presence of a Webwise cookie and serves up a page similar to that in the figure below.
I’m hoping the Webwise invitation page used in any trial will be served over a secure connection using the new EV SSL and will make it clear how customers can differentiate between a genuine Webwise page hi-jack and one that is a phishing page.
Fig.: How a phishing website might take advantage of Webwise’s use of interstitial pages. |
I don't think anyone is going to fall for that phishing scam! Everyone knows that Phorm have already read all your bank details, credit card, financial transactions.