From: Mike N. 

On Sat, 24 Mar 2007 13:26:13 -0400, "Geo."  wrote:

>Why is this surprising, do you know anyone who has had their CC info stolen
>because they weren't using an SSL connection? It's far more likely that they
>are using SSL but to the wrong website.. (phishing)

    So far, SSL in phishing sites is very rare.   Phishers don't even
bother to set up SSL, although they easily could begin using SSL when
serving phishing pages from a botnet.    Almost 99% of phishing losses
today are not even over SSL.   Most people don't even bother to check the
actual browser padlock security indicator.    But they shouldn't be
clicking on email links anyway.

   All the nonsense and billions of dollars wasted today with SiteKeys,
Extended Validation  SSL certificates, Yellow and Green bar browser URL
areas, would be avoided if everyone just knew how to check their SSL
certificates, then bookmark the SSL page.    Only enter bank sites from the
SSL bookmark, do not proceed if the browser complains.     That would avoid
all Phishing, Pharming, etc from outside influences.     The on-board
malware is still a problem, but you're pretty well toasted if that happens anyway.

--- BBBS/NT v4.01 Flag-5