> > this is NOT a good solution, since a successful phish attack
> > in this case
> > would look exactly like the official red cross web site.
>
> How's that one work?One form of DirectNIC's redirection, which the phisher was
supposedly using
(I didn't check myself), uses a <FRAMESET> to hide the
redirect inside a
frame, thereby not showing the real address in the browser
without deeper
inspection.
Understood. If it's being pointed at redcross.org, a known
good guy site, that wouldn't be a problem, would it? It seems
that if the scammer is removed from the operation, it's not really
a problem anymore.
I'm interested because I think there could be value in a page(s)
on an SP that says "This site terminated due to fraudulent activity"
and pointers to how to not be sucked into these things.
Personally, I'd prefer registrar lock myself, as that keeps
the distinction
between scam and non-scam clear.
Registrar lock is preferred on my part. The redirect idea was
creative.
-M<