http://www.opendns.com/phishing-quiz/?utm_source=nl012011&utm_medium=email&utm_campaign=home
I got 7/10, but I have no idea how. The site says I'm a ninja, but I feel like a fraud :)
Steve
I managed 6/10
6/10 but I tend to hover over links and the like as well as looking at the Netcraft toolbar which displays the IP owner which is a big clue, to me anyway.
Blimey, I only got 3! :red:
Erm something's a bit wrong with that test.
It claims the screenshot of the Citibank site is genuine (i.e. at the end it says it's not a phishing site) but if you look carefully it asks for your ATM pin number in order to log in. The genuine site wouldn't ask for that.
Quote from: .Griff. on Jan 05, 2011, 22:31:05
Erm something's a bit wrong with that test.
It claims the Citibank site is genuine but if you look carefully it asks for your ATM pin number in order to login. The genuine site wouldn't ask for that.
I just looked at the genuine site and it does, indeed, ask for your ATM PIN :dunno:
Steve
Quote from: D-Dan on Jan 05, 2011, 22:35:26
I just looked at the genuine site and it does, indeed, ask for your ATM PIN :dunno:
Steve
Really?
That's a bit strange... I thought every bank on the planet played by the same rules - "Never disclose your pin number to anyone"..
I wouldn't be happy entering it on any website even if it was the bank's own site.
I agree with you, Griff, though if you think about it, the ATM PIN is neither use nor ornament without the card to go with it.
Steve
Quote from: D-Dan on Jan 05, 2011, 22:39:59
I agree with you, Griff, though if you think about it, the ATM PIN is neither use nor ornament without the card to go with it.
Steve
They also ask for your card number though. It's not exactly difficult for criminals to reproduce cards and having the pin number sent with the card number is making things a bit easier for criminals than it needs to be, surely?!?
Not in the case of a magstripe card which they could knock up if they had the account details I believe.
Yes but not there. It is a daft test. I stopped after looking at about 3 or 4 of the sites.
There is not enough information to draw a conclusion.
For instance, you need to be able to mouse over the links on the page. You cannot do that with a screenshot.
You need to know how you got to the page in the first place. Was it from a saved bookmark or by clicking some link from somewhere?
You need to check the encryption provided on a site that is supposed to be secure.
1. Is it encrypted?
2. Is the certificate issued by a known provider?
3. Is it issued to the organisation whose site you believe you are entering?
It is also impossible to decide just by looking at a screenshot which is supposed to be similar to a site you have never seen.
All very true, and probably why I did so badly. ;D
It is not a test, it's just an advert for OpenDNS. :no:
Quote from: armadillo on Jan 06, 2011, 00:24:56
Yes but not there. It is a daft test. I stopped after looking at about 3 or 4 of the sites.
There is not enough information to draw a conclusion.
For instance, you need to be able to mouse over the links on the page. You cannot do that with a screenshot.
You need to know how you got to the page in the first place. Was it from a saved bookmark or by clicking some link from somewhere?
You need to check the encryption provided on a site that is supposed to be secure.
1. Is it encrypted?
2. Is the certificate issued by a known provider?
3. Is it issued to the organisation whose site you believe you are entering?
It is also impossible to decide just by looking at a screenshot which is supposed to be similar to a site you have never seen.
Yep.
The main giveaway is the URL. Without it, it could be a perfect copy (screen print). So it's a blind test AFAIK. Not really very good for testing how real things are. I've also seen training manuals that have the "real" and "fake" pictures reversed in error. :slap:
Or ignorance...
I regard all unsolicited pop ups/emails/etc as phishing attempts. OK, I may delete the odd genuine one but so what!!
Exactly, Sobranie. I do not even click links in legitimate emails from banks and utilities. If they say click here to enter your readings, I just use my saved bookmark to go to my usual login and then enter my readings. I have also really annoyed banks who phone me up unsolicited and then ask me for my security details to confirm they are talking to me. I tell them I never give details to anyone who phones me! It pees them off something rotten ;)
I'm all in favour of that. :)
I do that too! ;D
I thought this was going to be one of those spot the real or fake boob tests. I'm quite disappointed :blush:
As has been pointed out, it's not a fair test. There are no URLs in the address bar and the first test was enough for me not to bother going further. There are literally hundreds of fake battle.net sites that are identical to Activision Blizzard's battle.net login screen. Anyone with a World of Warcraft account will or should know to check the URL in the address bar before logging in.
Yes, it's very hard without the URL or certificate.
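The three certificate questions listed earlier in the thread and the "check the URL in the address bar" advice can be written down as one check; this is an added example, not code from any poster or from OpenDNS. It assumes the certificate has already been chain-validated by the TLS library and is supplied in the dictionary layout of Python's `ssl.SSLSocket.getpeercert()`; the domain names, the issuer name and the `KNOWN_ISSUERS` set are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: issuers the user accepts (constructed, not a real trust store).
KNOWN_ISSUERS = {"Example Trust CA"}

def _field(rdns, key):
    """Pull one attribute out of the nested tuples getpeercert() uses."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def _name_matches(pattern, host):
    """Exact match, or a single left-most wildcard label (*.bank.example)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_site(url, cert, expected_domain):
    """Answer the three questions for a URL and its certificate dict."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    expected = expected_domain.lower()
    # 1. Is it encrypted?
    encrypted = parts.scheme == "https" and cert is not None
    cert = cert or {}
    # 2. Is the certificate issued by a known provider?
    issuer = _field(cert.get("issuer", ()), "organizationName")
    known_issuer = issuer in KNOWN_ISSUERS
    # 3. Is it issued to the organisation you believe you are visiting?
    # The host must be the expected domain (or a subdomain of it) AND
    # the certificate must cover that host.
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    host_ok = host == expected or host.endswith("." + expected)
    issued_to = host_ok and any(_name_matches(s, host) for s in sans)
    return {"encrypted": encrypted, "known_issuer": known_issuer,
            "issued_to_expected": issued_to}

# Constructed sample certificates in the getpeercert() layout.
_ISSUER = ((("organizationName", "Example Trust CA"),),)
GENUINE = {"issuer": _ISSUER,
           "subjectAltName": (("DNS", "bank.example"), ("DNS", "*.bank.example"))}
LOOKALIKE = {"issuer": _ISSUER,
             "subjectAltName": (("DNS", "bank.example.login-check.example"),)}
```

The lookalike case passes the first two questions and fails only the third, which is why a screenshot without the address bar or certificate cannot settle the matter.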