Date:      Tue, 12 Dec 2017 12:56:43 +0100
From:      Dag-Erling Smørgrav <des@des.no>
To:        Michelle Sullivan <michelle@sorbs.net>
Cc:        Yuri <yuri@rawbw.com>, Igor Mozolevsky <mozolevsky@gmail.com>, freebsd security <freebsd-security@freebsd.org>
Subject:   Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID:  <86h8swgnwk.fsf@desk.des.no>
In-Reply-To: <5A2DB9F8.1040301@sorbs.net> (Michelle Sullivan's message of "Mon, 11 Dec 2017 09:49:28 +1100")


Michelle Sullivan <michelle@sorbs.net> writes:
> User gets an email saying his banking details are compromised, and to
> update them now.  User clicks the link and gives banking details to
> phishing site as well as having a keylogger and rootkit installed
> during the process.  User has bank account hacked.  Where did the bank
> go wrong?

Banks and financial institutions have whole teams working 24/7, usually
in cooperation with national authorities, to detect, investigate and
shut down phishing campaigns, and to warn customers (either directly or
through mass media) of particularly large or well-executed campaigns.
In the EU and EEA, banks are liable for losses in excess of €150 unless
the customer acted “with intent or gross negligence”, but the definition
of “gross negligence” is fluid.  Legal precedent in Norway is to hold
the customer liable only if the email was “an obvious forgery”, for some
definition of “obvious”.

TL;DR: yes, banks are held liable for losses attributable to phishing.

Source: I do this for a living (although not at a bank).

DES
-- 
Dag-Erling Smørgrav - des@des.no


