Fun little quiz from McAfee...identifying spoofed sites and other scams. Not hard, but fun to spot the giveaways.

Linky (http://www.siteadvisor.com/quizzes/phishing_0707/)

Fun little quiz from McAfee...identifying spoofed sites and other scams. Not hard, but fun to spot the giveaways.

Linky (http://www.siteadvisor.com/quizzes/phishing_0707/)

I got 8 out of 10 without even enlarging the pictures. :D

Lucky guessing.

9/10 and I had a lot of fun doing this. :D

9/10 : the Chase one got me.

LOL. 8/10. So much for my security credentials :D:D:D

8/10

paypal and myspace

LOL. 8/10. So much for my security credentials :D:D:D

Same here- I feel I let myself down.

That being said, if I was really going to enter personal information I would have paid A LOT more attention.

7/10 :o

8/10 for me....and i'm really off my game today because i missed some rather obvious grammatical errors. :o oopsie.

that was fun...thanks for the link!

9/10, the chase one got me too. Maybe I should have read it some more. :) That almost seemed like one of the more obvious ones if you read their explanation.

10/10

10/10. there was a lucky guess in there somewhere, but i got it. yay! :)

7/10

The Banking sites screwed me up.:o

9/10

I always scrutinize a website before giving personal information or logging in. There was one I got confused on and accidentally voted for.

Of course it helped that I'm familiar with most of those sites and their layout :D

7/10 - MySpace, CapitalOne and Chase

Of course, I've never used CapitalOne, so their big giveaway - the logo - didn't do anything for me. But, that's no excuse.

I got 10/10 also. I thought the Chase and Cap One ones were hard. Some of the others I knew right away because I actually use them, though. Although, scarily, I use BoA and I had to scrutinize that one closely.

9/10 Missed the myspace one - and I since I don't use it, I'm not worried.

9/10, I missed the Amazon one I think.

9/10

I got the very last question wrong about SSL...oops, at least now I know. There were some of them where the address bar link was shown and you just have to check to make sure it is https

and there were some that I used so I knew what they were supposed to look like (e.g., Amazon)

NNOOOOO...... 4/10.. i even fail in computers aswell as life.

7/10

I learned some stuff though, which is good. Thanks WildCowboy, it was fun:)

I got 8 out of 10. It's kind of sobering.

8/10

paypal and myspace

Same here

6/10 baby :D
Oh wait, thats bad :D

10/10 :D

I could tell by the address fields in a few of them, and I could tell the Amazon one just because I know what the real one looks like.

9/10

One of the Paypal ones got me.

9/10

E-Mail question got me.

10/10, but guessed on the MySpace one since I don't use MySpace.

Thanks WildCowboy for the good exercise.

10/10 :cool:

9/10 Missed the myspace one - and I since I don't use it, I'm not worried.

10/10 - The Myspace giveaway was the ridiculous URL in the address bar.

we're all security elites here, aren't we

8/10

I got 10/10 too.

9/10

I got the very last question wrong about SSL...oops, at least now I know. There were some of them where the address bar link was shown and you just have to check to make sure it is https

and there were some that I used so I knew what they were supposed to look like (e.g., Amazon)

Hey, I missed only that one too!

10/10. Had to enlarge a couple to check the URLs, which made them blindingly obvious. Most I could figure out without resorting to the URL. Some were laughably bad.

I got the very last question wrong about SSL...oops, at least now I know.

Yeah, just because the connection between you and the site is secure, it doesn't mean that it's the site you think it is.

I have SSL/https available on one of my personal websites, and I could put a fake Bank of America site on there, and it would authenticate as just fine. It's not authenticating as BofA, it's just authenticating as URL matching a known certificate. The fact that it would appear as "https://www.bankofamerica.com.mypersonaldomain.us" just means you have to look beyond the first ".com". Plus, there is a vulnerability that lets you spoof a browser into displaying a 'cut off' address. (I think it's been patched in all current browsers, but if you're using an unpatched IE6, I could make it LOOK like you actually are on "https://www.bankofamerica.com", when you're actually on a different domain.)

Two big giveaways: Banks will *NEVER* ask you for your full credit card number, PLUS the three digit code on the back, PLUS your full SSN. (I was seriously worried once when one of my banks did ask for the full CC# plus verification code, though. I had to call them to make sure their site hadn't been hijacked, and promptly complained about the insecurity of asking for both of those bits of info at the same time.) And a bank will generally not put a link to a 'deep' page in an email, they will link to their home page, and tell you in the email to use standard login methods. (Although, again, some are still not as security-conscious as they should be.)

10/10. (OK, technically 9/10 because I started checking the forged websites instead of the legitimate ones. I realized my mistake almost immediately, but it was too late for the Bank of America Question. That was the hardest question for me, which is probably why I got so confused). :o

I actually got several of these emails yesterday (and I hardly ever get spam!). "Wells Fargo" told me I needed to sign-in to their "new" website. The biggest red flag for me was the fact that they sent me the same email three times! :D

The biggest red flag for me was the fact that they sent me the same email three times! :D

... from 3 different addresses? :rolleyes: