Detection of Fake Log-In Page
In this BBC report it reads "Staff get emails sent to them pretending to be from the service desk, asking them to reset their log-in passwords.
This issue can be mitigated. We hope to help detect fake log-in pages built by phishers; Enable the user to register an image of their own (not shared on SNS) as a credential of the genuine log-in server.
When the genuine service desk sends an email to a user to ask them to reset their log-in password, the genuine log-in page should be able to show the user’s image (along with dozens of other images). The user, who finds their own image, could be reasonably assured that they are watching the genuine log-in page.
If the user is guided to a log-in page that does not show any image that the user can recognize right away, it is suspected to be a fake log-in page – Beware!
The image to register as a credential of the genuine log-in page should desirably be of episodic memory. We announced this method 18 years ago.
Remark: Crucial in the scheme is “"show the user’s image ALONG WITH DOZENS OF OTHER IMAGES".
< References >
< Videos on YouTube>
< Latest Media Articles Published in 2020 Spring>
Digital Identity – Anything Used Correctly Is Useful https://www.valuewalk.com/2020/05/digital-identity-biometrics-use/
‘Easy-to-Remember’ is one thing ‘Hard-to-Forget’ is another https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/