[Karunamon]

I really, truly don't see how this is a "silly detail" any more than ensuring the person who collects your credit card information in a retail setting, in person, actually represents the company they claim to, by looking for a uniform, nametag, or other immediately obvious information that identifies someone as working for someone else.

We've been trying to drill it into people to look for the lock icon before entering anything personal for decades and it's kinda starting to stick.

Is it really that much more to ask that you double check to see if the URL you're putting your sensitive information on matches what it claims to be?

It's literally right there. A glance upwards. No clicks or any special arcane knowledge required.

[hnal943]

I think if a conman could get behind the counter in a retail setting, people would give their credit cards over as easily as they do online. No one is looking at the cashier to make sure that they are legitimate, and that's because they don't have to: no retail business could survive news reports of people getting scammed in this way. Honestly the same is true online. There's no expectation that if you started out on Nordstroms.com that your purchase information will be stolen by an imposter. Since Nordstrom's controls the content on that site, it's very difficult for an attack like that to occur.