On 11/28/06, Larry Seltzer <[EMAIL PROTECTED]> wrote:
Oh, I was talking about Paul's messages (from Chase)

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
[EMAIL PROTECTED]

-----Original Message-----
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 28, 2006 8:02 PM
To: Larry Seltzer
Cc: [email protected]
Subject: RE: [funsec] bankone/chase non-scam

On Tue, 28 Nov 2006, Larry Seltzer wrote:
> I don't see any headers on these e-mails so I can't judge them. I
> don't see enough proof that these messages are legit, but I see no
> reason to believe they are illegit. How could they possibly be used in a scam?

I spoke of a Bank of America email sent the other day to someone we both know. The email was legit, yet:

1. The server did not sit in the same hosting location as www.bankofamerica.com.
2. It was a different domain.
3. It was a different certificate.
4. etc.

I did not believe this was a legitimate email, I was sure it was spam phishing. I was wrong. It was a legitimate email from the Bank of America. What is that all about?

A lot of banks, mine included, hire other companies to send out marketing and informative emails. We even add an SPF record to allow that company to send on behalf of the bank. Did I agree with this? Hell no, but again, another business decision... One thing that is for sure, we send out our own emails where official business is concerned and the war to keep URLs off the email was easily won once we got phished.

Dennis

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
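
The SPF delegation Dennis mentions, as an added example that is not part of the thread: a receiver-side check showing how an `include:` term in a bank's SPF record authorizes an outside mailer's servers. The domains, IP ranges and the `ZONE` lookup table are constructed stand-ins for DNS, and only the `ip4`, `include` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT records (hypothetical domains, documentation IP ranges).
ZONE = {
    "bank.example": "v=spf1 ip4:192.0.2.0/28 include:mailer.example -all",
    "mailer.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, zone=ZONE, depth=0):
    """Return the SPF result for sender_ip claiming an envelope sender at domain."""
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return RESULTS[qualifier]
        elif mech.startswith("include:"):
            # include matches only when the referenced record yields "pass";
            # a fail/softfail/neutral inside it means "no match, keep going".
            inner = check_spf(mech[8:], sender_ip, zone, depth + 1)
            if inner == "pass":
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        # other mechanisms (a, mx, ip6, ...) are out of scope in this sketch
    return "neutral"

if __name__ == "__main__":
    for ip in ("192.0.2.5", "198.51.100.25", "203.0.113.9"):
        print(ip, check_spf("bank.example", ip))
```

A pass here only covers mail whose envelope sender uses the bank's own domain; a mailer sending from a different domain, as in the Bank of America message described above, is evaluated against that other domain's record instead.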
