Hacker News new | ask | show | jobs
by ced 5908 days ago
Isn't this incredibly simple to defeat? The phishing site can send your username to the real bank's website and retrieve the image.
1 comments
sagarm 5908 days ago
If you do that, the bank will notice a bunch of connections from the same IP for different usernames.

You could use a botnet to do the lookups, but that still makes the attack substantially more difficult.

link