Many important, sensitive login sites are not protected, making it easier to steal passwords from naive (and even experienced) users. See `Hall of Shame` listing such sites at http://www.cs.biu.ac.il/~herzbea/Shame.html Examples: Banks and FIs: PayPal, Chase, SmithBarney (CitiGroup), Bank of America, TD Waterhouse, Amex, FirstCommand Bank, MidFirst Bank Security services: MicroSoft Passport, EquiFax, InstantSSL All sites were warned before being added to the Hall of Shame (few actually fixed their sites and are therefore not on the page, e.g. eBay). A related resource - a FAQ on phishing and spoofing, at http://www.cs.biu.ac.il/~herzbea/shame/FAQ.htm -- Best regards, Amir Herzberg Associate Professor Department of Computer Science Bar Ilan University http://AmirHerzberg.com New: see my Hall Of Shame of Unprotected Login pages: http://AmirHerzberg.com/shame.html