Phishing: It's not the end user's fault.

Coding Horror presents

Phishing: The Forever Hack

Which was interesting, but the only conclusion that can be drawn is that web browsers must protect the sheep. I personally would like to see it made easier to report phishing sites; the last one was quite the chore. Years ago, and probably still today, there were people who would call houses randomly and ask for personal information under the guise of some legitimate company. Fortunately, most companies made a public outcry: "We will never call you and ask for information." To their credit, most did not. Herein lies the problem with phishing sites: common typos we cannot prevent (unless we have address books; your favorites may be good only on the second visit). But companies could stick to not sending emails asking users to log in. As long as you legitimate companies come along and publish links and encourage users to log in, we will have this problem. You further make the problem worse when you find ways to display the full HTML message, circumventing any built-in browser/email security. Forget the convenience of email links and err on the side of teaching users one good standard: never click on links from an email.
