It looks to be legit, but what an awful freaking idea BofA.

http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf



On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes <ke...@digital-gurus.com> wrote:

> Yes, unfortunately it is this easy.
>
> On Dec 4, 2013, at 12:21 PM, Edmund Cramp <e...@motion-labs.com> wrote:
>
> A user received an email that purports to come from one of our customers
> with the instructions:
>
> "Click the securedoc.html attachment to open (view) the secure message.
> For best results, save the file first and open it from the saved location
> using a Web browser."
>
> My email system very sensibly stripped and quarantined the file, and
> stored it with a couple of hundred assorted New Order.zip and payroll
> report.xls files in the quarantine directory. Opening the file with
> Notepad shows it to be mostly JavaScript with various references that make
> it appear to come from the Bank of America.
>
> My immediate reaction was unprintable but hell, assuming that it's "real"
> and that's not certain yet, these people want me to let users open any HTML
> web page that floats into their inbox?
>
> This has got to be a gift from the gods if you are up to mischief - just
> email everyone a securedoc.html file and they will open it and enter their
> password ... which JavaScript (love that stuff) will promptly send to the
> web site of your choice.
>
> Spear phishing is this easy?
>
> Edmund Cramp - google.com/+edmundcramp
> --
> I am a drinker with writing problems. Brendan Behan
>
>
> _______________________________________________
> General mailing list
> General@brlug.net
> http://brlug.net/mailman/listinfo/general_brlug.net
>
>
>
> ---
>
> Keith Stokes
>
>


-- 
~Running amok on technology with no apologies
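
A static triage check a mail gateway could run on a quarantined HTML attachment like the securedoc.html discussed in this thread, as an added example that is not part of the original messages: it parses the file without rendering it and reports password fields, inline scripts and any referenced host outside an allowlist. The function names, the allowlist and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag/attribute pairs that make a browser contact or submit to another host.
URL_ATTRS = {("form", "action"), ("script", "src"), ("iframe", "src"), ("a", "href")}


class AttachmentTriage(HTMLParser):
    """Static scan of an HTML attachment; nothing is rendered or executed."""
    def __init__(self):
        super().__init__()
        self.hosts = set()          # remote hosts the markup references
        self.password_fields = 0    # <input type="password"> count
        self.inline_scripts = 0     # <script> blocks without a src attribute

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        for t, name in URL_ATTRS:
            if tag == t and a.get(name):
                host = urlparse(a[name].strip()).hostname
                if host:            # relative URLs have no host and are skipped
                    self.hosts.add(host.lower())
        if tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1
        if tag == "script" and "src" not in a:
            self.inline_scripts += 1


def triage(html_text, allowed_hosts):
    """Return findings and a hold/release verdict for one attachment."""
    p = AttachmentTriage()
    p.feed(html_text)
    p.close()
    unexpected = sorted(h for h in p.hosts if not any(
        h == ok or h.endswith("." + ok) for ok in allowed_hosts))
    # A credential prompt, inline script or unknown destination holds the file.
    hold = bool(p.password_fields or p.inline_scripts or unexpected)
    return {"password_fields": p.password_fields, "inline_scripts": p.inline_scripts,
            "unexpected_hosts": unexpected, "verdict": "hold" if hold else "release"}


# Constructed sample markup, not the attachment from the thread.
SAMPLE = ('<form action="https://collector.example.net/post" method="post">'
          '<input name="user"><input type="password" name="pw"></form>'
          '<script>document.forms[0].user.focus();</script>'
          '<a href="https://securemsg.bank.example/help">Help</a>')

if __name__ == "__main__":
    print(triage(SAMPLE, {"bank.example"}))
```

Because the scan is static, a destination that script assembles at run time never shows up in the host list, which is why an inline script on its own is treated as enough to hold the file.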