"7h3 d0n4lD" said:
Andy Linton wrote:
It would be good if these phishing discussions focussed on technical aspects of what can be done by people on this list once the list knows about the latest scam. The banks I suspect will make their own decisions without seeking advice here.
This thread should now turn to a technical topic or go away.
Okay. Recently I found that one of work's web sites had been hit by referrer spam. The answer for us was to tell apache to block based on referrer URL (and to limit access to /webalizer/ to local IPs only.) Surely banking site admins can make some basic assumptions about their customers... They can't assume that the customer is on a NZ IP range, but they can assume that links to graphics etc will only come from their own site. How long will it be before some bank commissions an activex control that is required to log into their site. Anyone remember the BNZ banking app for windows that dialed up directly to the bank?