The Hall of Shame is now at
http://AmirHerzberg.com/Shame/index.html

You should be redirected there – below is an old version

 

The `Unprotected Login`
I-NFL Hall of Shame

Last updated: Monday, June 27, 2005

 

Found more? Error, or fixed site? Join our contributors, update the Inter-Net Fraud League Commissioner:

Amir Herzberg (I-NFL Commissioner and developer of TrustBar – improving browsing security)

 

Associate Professor, Dept. of Computer Science, Bar Ilan University

and a proud member of DigiCrime, Inc.

 

The information here is based on my observations and professional experience, and presented only for educational and research purposes.
 It is not a recommendation to use or not use any particular service, and may be outdated or mistaken. Please inform me of errors.

 

Shame on them! (why?)

Install TrustBar to detect
unprotected and spoofed sites

Phishing and Spoofing Q&A

 

Type

Unprotected login sites

Banks and financial institutions

PayPal (outside US…), Chase, Wells-Fargo, SmithBarney (CitiGroup), Bank of America's main site (also BoA with wrong domain), TD Waterhouse, Amex, FirstCommand Bank, MidFirst Bank

Security services (single sign on, CA)

MicroSoft Passport, EquiFax, InstantSSL

Portals, webmail, etc.

Yahoo!, Hotmail

Merchants, eZines, others

Amazon

 

Some screenshots (most using FireFox with TrustBar for improved security indicators)

Banks and Financial Institutions

Security and other (insecure) login sites