I don't see any headers on these e-mails so I can't judge them. I don't see enough proof that these messages are legit, but I see no reason to believe they are illegit. How could they possibly be used in a scam?
Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL PROTECTED] -----Original Message----- From: Gadi Evron [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 28, 2006 7:55 PM To: Larry Seltzer Cc: [email protected] Subject: RE: [funsec] bankone/chase non-scam On Tue, 28 Nov 2006, Larry Seltzer wrote: > >>People should be told that all emails purporting to come from banks > are to be ignored, and then banks have to find another way to > communicate with their customers. > > >>My bank uses bits of paper. > > We (PCMag) tell them if they get an e-mail from a vendor or a bank or > whatever and they're curious about it to go to the site through their > normal bookmark or by typying in the URL and to check their account on > the site that way. > > The e-mails Paul sends are sort of lame, but the only link in them > goes to www.chase.com and I don't see how they could be used in a > scam. It sounds like the user needs a new activation code; if they go > to the site they will be prompted for it. Larry, I am, say, a beyond average Internet end user. If I, who can whois the domain, the IP, check the certificate and compare the key IDs, then surfs to the site. Checks the email headers and the source of the DATA section, can't make up my mind if a legitimate email really is legit, there is something very wrong with how the bank operates. What do you expect a regular user to do? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
