The Hall of Shame is now at

You should be redirected there – below is an old version


The "Unprotected Login" I-NFL Hall of Shame

Last updated: Monday, June 27, 2005


Found more? Error, or fixed site? Join our contributors, update the Inter-Net Fraud League Commissioner:

Amir Herzberg (I-NFL Commissioner and developer of TrustBar – improving browsing security)


Associate Professor, Dept. of Computer Science, Bar Ilan University

and a proud member of DigiCrime, Inc.


The information here is based on my observations and professional experience, and is presented only for educational and research purposes. It is not a recommendation to use or not use any particular service, and may be outdated or mistaken. Please inform me of errors.


Shame on them! (why?)

Install TrustBar to detect unprotected and spoofed sites

Phishing and Spoofing Q&A



Unprotected login sites

Banks and financial institutions

PayPal (outside US…), Chase, Wells Fargo, Smith Barney (Citigroup), Bank of America's main site (also BoA with wrong domain), TD Waterhouse, Amex, FirstCommand Bank, MidFirst Bank

Security services (single sign on, CA)

Microsoft Passport, Equifax, InstantSSL

Portals, webmail, etc.

Yahoo!, Hotmail

Merchants, eZines, others



Some screenshots (most using Firefox with TrustBar for improved security indicators)

Banks and Financial Institutions

Security and other (insecure) login sites