RE: bankone/chase non-scam

[Gadi Evron <ge () linuxbox org>]

On Tue, 28 Nov 2006, Larry Seltzer wrote:
> > > People should be told that all emails purporting to come from banks
> are to be ignored, and then banks have to find another way to
> communicate with their customers.
>
> > > My bank uses bits of paper.
>
> We (PCMag) tell them if they get an e-mail from a vendor or a bank or
> whatever and they're curious about it to go to the site through their
> normal bookmark or by typying in the URL and to check their account on
> the site that way.
>
> The e-mails Paul sends are sort of lame, but the only link in them goes
> to www.chase.com and I don't see how they could be used in a scam. It
> sounds like the user needs a new activation code; if they go to the site
> they will be prompted for it.

Larry, I am, say, a beyond average Internet end user.

If I, who can whois the domain, the IP, check the certificate and compare
the key IDs, then surfs to the site. Checks the email headers and the
source of the DATA section, can't make up my mind if a legitimate email
really is legit, there is something very wrong with how the bank operates.

What do you expect a regular user to do?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.