RE: bankone/chase non-scam

[Larry Seltzer <Larry () larryseltzer com>]

I don't see any headers on these e-mails so I can't judge them. I don't
see enough proof that these messages are legit, but I see no reason to
believe they are illegit. How could they possibly be used in a scam?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

-----Original Message-----
From: Gadi Evron [mailto:ge () linuxbox org] 
Sent: Tuesday, November 28, 2006 7:55 PM
To: Larry Seltzer
Cc: funsec () linuxbox org
Subject: RE: [funsec] bankone/chase non-scam

On Tue, 28 Nov 2006, Larry Seltzer wrote:
> > > People should be told that all emails purporting to come from banks
> are to be ignored, and then banks have to find another way to 
> communicate with their customers.
>
> > > My bank uses bits of paper.
>
> We (PCMag) tell them if they get an e-mail from a vendor or a bank or 
> whatever and they're curious about it to go to the site through their 
> normal bookmark or by typying in the URL and to check their account on

> the site that way.
>
> The e-mails Paul sends are sort of lame, but the only link in them 
> goes to www.chase.com and I don't see how they could be used in a 
> scam. It sounds like the user needs a new activation code; if they go 
> to the site they will be prompted for it.

Larry, I am, say, a beyond average Internet end user.

If I, who can whois the domain, the IP, check the certificate and
compare the key IDs, then surfs to the site. Checks the email headers
and the source of the DATA section, can't make up my mind if a
legitimate email really is legit, there is something very wrong with how
the bank operates.

What do you expect a regular user to do?


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.