Re: Email security issues

["Brian Bruns" <bruns () 2mbit com>]

This is one of those times where either PGP/GPG or these digital ID things
in Outlook/Outlook Express would come in handy.  Not that I would expect
normal users to bother to check to see if the sig is legit or not,
considering these are the same people who seem to have no problem opening a
zip file and running an exe in it (ala MiMail).


--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org
----- Original Message ----- 
From: "Daniel Roesen" <dr () cluenet de>
To: <nanog () merit edu>
Sent: Monday, November 10, 2003 2:30 PM
Subject: Re: Email security issues


> On Mon, Nov 10, 2003 at 01:10:42PM -0600, Adi Linden wrote:
> > I've just receives a nice email from my banker (ok, it claims to be from
> > my banker) asking me to visit my banks website and confirm my email
> > address. This email is by far the most convincing piece of fraud I
> > received to date so far. The URL loads up the bank page plus a popup
> > provoding a login. Looking at the source of the popup it revels that it
is
> > positively not a legit source and most likely used to harvest peoples
> > access information.
>
> Yep, got the same one. Quite a good fake. Even the faked Received: line
> has an IP from an IP block of this bank. The only "technical" thing
> which I saw when taking a quick look which showed the fake was the
> .edu relay inbetween.
>
>
> Best regards,
> Daniel