Hi, Is there a place to discuss and find solutions for email related security issues? I've just receives a nice email from my banker (ok, it claims to be from my banker) asking me to visit my banks website and confirm my email address. This email is by far the most convincing piece of fraud I received to date so far. The URL loads up the bank page plus a popup provoding a login. Looking at the source of the popup it revels that it is positively not a legit source and most likely used to harvest peoples access information. Thoughts? Adi
On Mon, Nov 10, 2003 at 01:10:42PM -0600, Adi Linden wrote:
I've just receives a nice email from my banker (ok, it claims to be from my banker) asking me to visit my banks website and confirm my email address. This email is by far the most convincing piece of fraud I received to date so far. The URL loads up the bank page plus a popup provoding a login. Looking at the source of the popup it revels that it is positively not a legit source and most likely used to harvest peoples access information.
Yep, got the same one. Quite a good fake. Even the faked Received: line has an IP from an IP block of this bank. The only "technical" thing which I saw when taking a quick look which showed the fake was the .edu relay inbetween. Best regards, Daniel
This is one of those times where either PGP/GPG or these digital ID things in Outlook/Outlook Express would come in handy. Not that I would expect normal users to bother to check to see if the sig is legit or not, considering these are the same people who seem to have no problem opening a zip file and running an exe in it (ala MiMail). -------------------------- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The AHBL - http://www.ahbl.org ----- Original Message ----- From: "Daniel Roesen" <dr@cluenet.de> To: <nanog@merit.edu> Sent: Monday, November 10, 2003 2:30 PM Subject: Re: Email security issues
On Mon, Nov 10, 2003 at 01:10:42PM -0600, Adi Linden wrote:
I've just receives a nice email from my banker (ok, it claims to be from my banker) asking me to visit my banks website and confirm my email address. This email is by far the most convincing piece of fraud I received to date so far. The URL loads up the bank page plus a popup provoding a login. Looking at the source of the popup it revels that it
is
positively not a legit source and most likely used to harvest peoples access information.
Yep, got the same one. Quite a good fake. Even the faked Received: line has an IP from an IP block of this bank. The only "technical" thing which I saw when taking a quick look which showed the fake was the .edu relay inbetween.
Best regards, Daniel
Thus spake "Brian Bruns" <bruns@2mbit.com>
This is one of those times where either PGP/GPG or these digital ID things in Outlook/Outlook Express would come in handy. Not that I would expect normal users to bother to check to see if the sig is legit or not, considering these are the same people who seem to have no problem opening a zip file and running an exe in it (ala MiMail).
Some MUAs automatically verify signatures before allowing the user to view the message... S Stephen Sprunk "God does not play dice." --Albert Einstein CCIE #3723 "God is an inveterate gambler, and He throws the K5SSS dice at every possible opportunity." --Stephen Hawking
Adi Linden writes on 11/10/2003 2:10 PM:
Hi,
Is there a place to discuss and find solutions for email related security issues?
In this case - contact the bank and report an attempted fraud. Contact the ISPs whose servers were (ab)used to send out the mail / host the phish site. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
participants (5)
-
Adi Linden
-
Brian Bruns
-
Daniel Roesen
-
Stephen Sprunk
-
Suresh Ramasubramanian