Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

MORE ON Bank of America vs security

From: David Farber <dave () farber net>
Date: Wed, 22 Jun 2005 18:42:06 -0400


Begin forwarded message:

From: John R Levine <johnl () iecc com>
Date: June 22, 2005 5:51:50 PM EDT
To: David Farber <dave () farber net>
Cc: Bob Frankston <O2RMF2 () Bobf Frankston com>
Subject: Re: [IP] Bank of America vs security



Received: from pula.cashedge.com ([129.41.8.16]) by **MYMachine**
with Microsoft SMTPSVC(6.0.2600.2180);





What is ?pula.cashedge.com?



Hi, Bob.  Believe it or not, that message was legitimate, not a phish.
Cashedge is a large service bureau that handles inter-account transfers
for BofA and just about every other bank in the country. I just looked up 
pula.cashedge.com which is indeed at 129.41.8.16.

It's not surprising that banks outsource technical functions, but it
boggles the mind that despite the phishing epidemic, their e-mail
practices remain so sloppy. I get all sorts of mail like the one you saw from Cashedge and their major competitor Checkfree, and if I didn't happen to know who they are and what domains they use, I would have guessed that 
they were all phishes, just like the undertrained BofA support droid who
answered your question did.

It's not just account transfers.  I had a BofA credit card (which by
coincidence I cancelled this morning) and when I signed up for the
modestly useful Verified by Visa program, the confirmation message came
from cyota.com, a small Israeli company that would scream phish if I
didn't happen to know who they are because I follow the e-money industry. 
Even mail directly from a bank is hard to figure out; the mail that MBNA
sends me about my credit card comes from all sorts of names like
customercenter.net (which is Checkfree), never mbna.com.  Try and guess
which of mbna-access.com and mbnaaccess.com belongs to MBNA, which to a
squatter in Australia.

Hey, banks: if you want us to tell the difference between real mail from
you and fake mail not from you, how about at least putting your own domain on it? If bulk mailers can do it, like Doubleclick who gets customers to 
delegate email.whoever.com to DCLK's mail hosts, so can you.

Regards,
John Levine, johnl () taugh com, Taughannock Networks, Trumansburg NY
http://www.taugh.com


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: