Arshad Noor wrote, On 2008-04-22 13:45:
>> Fascinating!
>>
>> This may be the first phishing e-mail I've seen that uses
>> a message related to digital certificates for attacking the
>> client; I am not a customer of Comerica.
>>
>> Has anyone else seen this before?
>>
>> Arshad Noor
>> StrongAuth, Inc.

I received a similar email, shown below. It was an HTML email.
There was one link visibly apparent (shown below), but it actually
went to another URL than the one shown. The real URL was in China.

> From: "Bank of America" <[EMAIL PROTECTED]>
> Subject: Important: digital certificate issued
> Date: Wed, 16 Apr 2008 16:21:30 +0000 (GMT)
> Return-Path: <[EMAIL PROTECTED]>
>
> Dear Bank of America Direct User:
> Our records indicate that a new digital certificate has been issued to
> your Bank of America Direct user ID. Digital certificates are
> computer-based records issued to individual user IDs that allow Bank of
> America Direct to validate your identity and protect your information
> from unauthorized access. In order to access Bank of America Direct, you
> must use a valid digital certificate.
>
> Installation Instructions
> To install your newly-granted digital certificate, please access the
> Digital Certificate Pick-Up site at:
>
> http://direct-certs.bankofamerica.com/direct/certpickup.asp?session=5657[...]
>
> Please have your Bank of America Direct login information readily
> available when completing this process. Should you have any questions
> regarding this process, please consult your Company Administrator or
> contact your regional customer support center for further assistance.
>
> Sincerely,
> Bank of America Direct Technical Care Center
>
> NOTE: This is an automatically generated communication.

Interestingly enough, there IS a real server with the host name in the
visible URL, but it offers only https services, not http. It's at
https://direct-certs.bankofamerica.com/direct/help/index.html

It appears to offer CA services for customers of "Bank of America Direct".
Appears to be a service for businesses, and the user instructions seem to
assume the user is not very technically knowledgeable. I suspect that the
phony email I received is essentially a copy of a real message from that
BofA service.

My first thought, when I saw this email, was: who would be taken in by
this? I think the answer must be: people who have recently applied for
certs through the real BofA service.

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto

