funsec mailing list archives
Re: bankone/chase non-scam
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Tue, 28 Nov 2006 20:55:46 -0600
On 11/28/06, Larry Seltzer <Larry () larryseltzer com> wrote:
Oh, I was talking about Paul's messages (from Chase) Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine larryseltzer () ziffdavis com -----Original Message----- From: Gadi Evron [mailto:ge () linuxbox org] Sent: Tuesday, November 28, 2006 8:02 PM To: Larry Seltzer Cc: funsec () linuxbox org Subject: RE: [funsec] bankone/chase non-scam On Tue, 28 Nov 2006, Larry Seltzer wrote: > I don't see any headers on these e-mails so I can't judge them. I > don't see enough proof that these messages are legit, but I see no > reason to believe they are illegit. How could they possibly be used in a scam? I spoke of a bank of america email sent the other day to someone we both know. The email was legit, yet: 1. The server did not sit in the same hosting location as www.bankofamerica.com. 2. It was a different domain. 3. It was a different certificate. 4. etc. I did not believe this was a legitimate email, I was sure it was spam phishing. I was wrong. It was a legitimate email from the bank of america. What is that all about?
A lot of Banks, mine included, hire other companies to send out marketing and informative emails. We even add an SPF record to allow that company to send on behalf of the bank. Did I agree with this? Hell no, but again, another business decision... One thing that is for sure, we send out our own emails where official business is concerned and the war to keep URL's off the email was easily won once we got phished. Dennis
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- bankone/chase non-scam Paul Vixie (Nov 28)
- Re: bankone/chase non-scam Gadi Evron (Nov 28)
- Re: bankone/chase non-scam Drsolly (Nov 28)
- RE: bankone/chase non-scam Larry Seltzer (Nov 28)
- RE: bankone/chase non-scam Gadi Evron (Nov 28)
- RE: bankone/chase non-scam Larry Seltzer (Nov 28)
- RE: bankone/chase non-scam Gadi Evron (Nov 28)
- RE: bankone/chase non-scam Larry Seltzer (Nov 28)
- Re: bankone/chase non-scam Dennis Henderson (Nov 28)
- Re: bankone/chase non-scam Drsolly (Nov 28)
- RE: bankone/chase non-scam Drsolly (Nov 29)
- Re: RE: bankone/chase non-scam Valdis . Kletnieks (Nov 29)
- Re: bankone/chase non-scam Paul Vixie (Nov 29)
- Re: bankone/chase non-scam Gadi Evron (Nov 28)
- RE: bankone/chase non-scam Drsolly (Nov 29)
- RE: bankone/chase non-scam Larry Seltzer (Nov 29)
- RE: bankone/chase non-scam Drsolly (Nov 29)
- RE: bankone/chase non-scam Larry Seltzer (Nov 29)
- RE: bankone/chase non-scam Drsolly (Nov 29)
- RE: bankone/chase non-scam Gadi Evron (Nov 29)
- RE: bankone/chase non-scam Larry Seltzer (Nov 29)