Re: Email security issues

2003-11-10 Thread Brian Bruns

This is one of those times where either PGP/GPG or these digital ID things
in Outlook/Outlook Express would come in handy.  Not that I would expect
normal users to bother to check to see if the sig is legit or not,
considering these are the same people who seem to have no problem opening a
zip file and running an exe in it (ala MiMail).


--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org
----- Original Message -----
From: Daniel Roesen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 10, 2003 2:30 PM
Subject: Re: Email security issues



 On Mon, Nov 10, 2003 at 01:10:42PM -0600, Adi Linden wrote:
  I've just received a nice email from my banker (ok, it claims to be from
  my banker) asking me to visit my bank's website and confirm my email
  address. This email is by far the most convincing piece of fraud I
  received to date so far. The URL loads up the bank page plus a popup
  providing a login. Looking at the source of the popup it reveals that it is
  positively not a legit source and most likely used to harvest people's
  access information.

 Yep, got the same one. Quite a good fake. Even the faked Received: line
 has an IP from an IP block of this bank. The only technical thing
 which I saw when taking a quick look which showed the fake was the
 .edu relay in between.


 Best regards,
 Daniel



Re: Email security issues

2003-11-10 Thread Suresh Ramasubramanian
Adi Linden writes on 11/10/2003 2:10 PM:

 Hi,

 Is there a place to discuss and find solutions for email related security
 issues?

In this case - contact the bank and report an attempted fraud.
Contact the ISPs whose servers were (ab)used to send out the mail / host 
the phish site.

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: Email security issues

2003-11-10 Thread Stephen Sprunk

Thus spake Brian Bruns [EMAIL PROTECTED]
 This is one of those times where either PGP/GPG or these digital ID things
 in Outlook/Outlook Express would come in handy.  Not that I would expect
 normal users to bother to check to see if the sig is legit or not,
 considering these are the same people who seem to have no problem opening a
 zip file and running an exe in it (ala MiMail).

Some MUAs automatically verify signatures before allowing the user to view
the message...

S

Stephen Sprunk    God does not play dice.  --Albert Einstein
CCIE #3723        God is an inveterate gambler, and He throws the
K5SSS             dice at every possible opportunity. --Stephen Hawking