[65048] in North American Network Operators' Group
Re: Email security issues
daemon@ATHENA.MIT.EDU (Brian Bruns)
Mon Nov 10 14:38:51 2003
From: "Brian Bruns" <bruns@2mbit.com>
To: <nanog@merit.edu>
Date: Mon, 10 Nov 2003 14:36:44 -0500
X-SA-Exim-Mail-From: bruns@2mbit.com
Errors-To: owner-nanog-outgoing@merit.edu
This is one of those times where either PGP/GPG or these digital ID things
in Outlook/Outlook Express would come in handy. Not that I would expect
normal users to bother to check to see if the sig is legit or not,
considering these are the same people who seem to have no problem opening a
zip file and running an exe in it (ala MiMail).
--------------------------
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org
----- Original Message -----
From: "Daniel Roesen" <dr@cluenet.de>
To: <nanog@merit.edu>
Sent: Monday, November 10, 2003 2:30 PM
Subject: Re: Email security issues
>
> On Mon, Nov 10, 2003 at 01:10:42PM -0600, Adi Linden wrote:
> > I've just receives a nice email from my banker (ok, it claims to be from
> > my banker) asking me to visit my banks website and confirm my email
> > address. This email is by far the most convincing piece of fraud I
> > received to date so far. The URL loads up the bank page plus a popup
> > provoding a login. Looking at the source of the popup it revels that it
is
> > positively not a legit source and most likely used to harvest peoples
> > access information.
>
> Yep, got the same one. Quite a good fake. Even the faked Received: line
> has an IP from an IP block of this bank. The only "technical" thing
> which I saw when taking a quick look which showed the fake was the
> .edu relay inbetween.
>
>
> Best regards,
> Daniel
