@stacksofplates said in OWA is vulnerable to Phishing:

@scottalanmiller said in OWA is vulnerable to Phishing:

@aidan_walsh said in OWA is vulnerable to Phishing:

@Breffni-Potter said in OWA is vulnerable to Phishing:

Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for Google anyway?

Same again for the banking website.

That's exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.

And yet...

Partially that's because real banks have done that traditionally.

Like AMEX. I needed a password reset and they asked all of the info on my card, other than my name and expiration.

Yeah, it definitely still happens. And I've had huge security gaps that I've told a bank were not secure and they didn't care. I said... I literally have no means to tell if you are really my bank or not and they are just like "so, we don't care."