Webmail login page: add "safe word"
Hi, I would like to be able to change the webmail login-page slightly, in that I'd like to add a safe-word to it.
There are a lot of fraudulent websites and there is a big risk that someone unwittingly fills in their username/password to a phishing website. With a safe-word, this risk could be somewhat reduced. For example, I can tell my clients that they should not fill in a cpanel or webmail page unless they see the safe-word "Nebraska" on that login-page.
Hope you like my idea. I know it's not perfect, but at least it's one extra measure against phishing attempts. Ideally the safe-word would be domain-specific, in order to thwart reconaissance somewhat (although they can still link webmail pages to IP addresses).
-
why not just have them ensure they are logging into the correct webmail URL? it's much easier for them to verify the site, and if your safe word is present on the site and someone wanted to duplicate your webmail login, don't you think they'd copy that? 0 -
why not just have them ensure they are logging into the correct webmail URL? it's much easier for them to verify the site, and if your safe word is present on the site and someone wanted to duplicate your webmail login, don't you think they'd copy that?
Hi Vanessa, thanks for responding. Yes, URL verification is important too (even more so indeed). About duplicating the site " this is not to counter specifically targeted attacks but for generic phishing mails that make use of generic cpanel spoofing. I'm working with some users that are 70+ years old, bless their hearts. I need something extra to counter "but the email looked so convincing" type of arguments. "did you verify the URL" is more complicated to them than "was the safe word there when you logged in?"0 -
The file you're looking for is /usr/local/cpanel/base/unprotected/login_webmaild.html . 0
Please sign in to leave a comment.
Comments
4 comments