yes they could however, that would be a much more elaborate scam which would involve spoofing certificate authorities among many other things.

the thing here is that a phisher wants to collect as much information as possible in as short a time span as possible with the least amount of effort.

Its not that they are lazy, it’s just that as soon you start creating more elaborate scams, the more you have to interact with other parts of the internet infrastructure and that means longer set up times, more precision in who gets selected for the attack, all of which creates more risk in relation to the benefit.

yes if you personally managed to piss off a group of serious crackers they can make your life very very problematic. But then its a precision attack and not a broadsword operation.

And why do a high risk low yield attack on you when they can make a high risk extreme yield attack on say the creditcard system of Walmart or IKEA. If you managed to steal all teh creditcard information from the sales of 1 hour at walmart or 1 hour at IKEA youwould end up with a few milion creditcards.

Now the credit cards are only good to you as long as the theft has been undetected otherwise the credit card companies will put the numbers on a special watch list and kill them off one by one as the thief tries to use them. Happens more often than you think.

I hope that explained some of the ways the organised crime of the internets work.

Chris

Is it actually the case that the presence of “https” at the start of the URL indicates the website is safe to enter personal information? I thought that all “https” signifies is that traffic is encrypted point to point. Can’t the bad guys do that as easily as a bank?

But thankfully, no one needs to worry (that is assuming they use OpenDNS )