Mike Barnes wrote:
The Natural Philosopher :
Mike Barnes wrote:
The Natural Philosopher :
Mike Barnes wrote:
The Natural Philosopher :
Look it seems that people don't actually understand this scam.
A letter arrives. It appears to come from - lets say - customer-
One giveaway is it isn't addressed directly to you, by name.
It tells you to click on the attached html form and fill it out.
Do I understand you correctly, that some e-mail clients will accept
an
HTML form and enable you to complete and submit it without it being
displayed in your browser? That sounds scary. I ask because my mail
client won't do anything like that, I'm sure.
No, clicking on the form WOULD have invoked my browser and looked like
I was logging in to my bank.
Presumably it would have looked like you were logging in to your
bank
only if you ignored the browser's address bar when the form was
displayed.
The form was attached to the email so was in fact in my inbox. I am not
sure what the location bar says with a file.
Something relatively meaningless such as "file://C|/temp/1h23.html" I
would think.
file:/tmp./lloyds-bank.html actually
As I said the ONLY place where the 'foreign' web site was mentioned was
as a FORM target.
What's relevant is not where the foreign site address was or was not
displayed, but the fact that the real site's address *wasn't* displayed
in the address bar. Neither was the secure site padlock displayed. So it
really didn't look like you were logging in to your bank, if you were
looking in the right places.
What you fail to realises is you fill out the form which is on your
computer, hit the submit button and it TAKES you - as far as you can
tell - TO your banks real secure website. You wouldn't notice it took
you somewhere else that immedaitely redirected you to the real bank site.
Having stolen your login first.