These are all excellent points. E-mails shouldn't contain sensitive information
and companies should try hard not to look like phishers to better help
customers tell the difference. But the underlying problem is that e-mail
technology is to blame. E-mails are not encrypted, they do not authenticate the
source (the sender or originating server), they do not prevent tampering, and
they do not ensure that only the recipient can view the message. Fixing this
problem would make so many other problems--including spam, worms, and
scams--simply irrelevant.
Wouldn't it be great to step back a bit and fix some of the world's core
technology flaws?
Mark
On Thu, 27 Oct 2005 10:34:45 +0200, Damhuis Anton wrote:
Hi
But email is sent over an unencrypted link, thus any body could get
hold of the link, and by entering it, get access to the web site's
details (the account).
Something should always be kept secret, when sending logon
information via email.
So I don't think it is mitigating phishing, but possibly rather a
way to track their responses to the email.
Or am I understanding your statement incorrectly?
Regards
Anton
-----Original Message-----
From: Ofer Shezaf [mailto:Ofer.Shezaf@breach.com]
Sent: 27 October 2005 10:15
To: Andrew van der Stock; webappsec@securityfocus.com Subject: RE:
Smells like a phish, is a fish?
..
provide you with a key in the e-mail, rather than asking for a
login might actually be a way to mitigate phishing.
Confidentiality Warning
=======================
The contents of this e-mail and any accompanying documentation are
confidential and any use thereof, in what ever form, by anyone
other than the addressee is strictly prohibited.
