RE: (not really a) Proposal to anti-phishing

Mike Andrews writes...

> I remember doing a quiz on phishing some time ago.  After much
digging,
> here's a link to the quiz (version 2)
>
> http://survey.mailfrontier.com/survey/quiztest.html
>
> Sorry, it doesn't give any results of the survey - perhaps someone
could
> email the company and ask about the results, especially which ones
people
> didn't get.

Of course, the "quiz" is pretty much useless. There are some obvious
phishing attempts, but the few that look (are?) legitimate, one can't
really tell because all they give you is an image, so you can't really
see what the links are pointing to or do a 'view source', etc.

Of course, the point should be one should ALWAYS go to the the
web site directly to type in the appropriate URL (if they know
what it is; otherwise look up their site on a search engine
and then type it in).

But IMHO, I think that HTML e-mail should be outlawed, period. That
alone
might go a long way to eliminating a lot of phishing schemes, especially
the ones that rely on bugs in the MUA's HTML rendering engine to entice
the victims.

-kevin wall