Wanna go phishing?

It is nothing to do with fishing rather it is kind of cyber crime that exploits today's technology inability to clearly present to end user the identity of the web site she navigates to. It also relies heavily on human naive nature. Yeah, yeah - the yellow lock in the bottom of the browser [IE 6] and even next to URL [IE7]. But did you actually clicked it and checked the actual certificate it uses? Did you verify that it's CA is well known trusted authority.

Huh?...

Consider this. I got one day email that sounded very official from one agency [although I am not their customer]. It looked like this:

Note that the URL is OK, but underlying ACTUAL URL is funny, isn't it? It took me to the well designed web site - total spoof of the original one telling me I need to authenticate and provide my creds. I did not submit any since I am not the member but I suspect someone else would - resulting in her identity loss.

Today's browsers provide anti phishing capabilities but it is long road ahead to make it work good. Mean while tell your grand mom to watch it out when she goes shopping on the net.

Cheers