Re: [NetsecTR] Garanti Bankası Ekstre -eposta hakkında

2017-01-22 Başlik Alper Basaran 
İbrahim Bey merhaba,

Gündeme gelmişken e-mail başlıklarıyla ilgili ufak bir hatırlatma yapmakta
fayda görüyorum;
E-posta başlıklarındaki header bilgilerinin bir kısmı
değiştirilebilir/bozulabilir olduğu için bunların içerdiği bilgiler
güvenilmezdir. (Örneğin: reply-to). "Received by" headeri ise e-postayı
bizim sunucumuza ilten son sunucunun bilgilerini barındırdığı için bu
başlık nispetn "güvenilirdir". Paylaştığınız örnekte bu e-posta gerçekten
Garanti'den gelmiş gibi duruyor.

Ufak bir noktaya dikkatinizi çekmek istiyorum. Paylaştığınız bilgiler
içerisinde kredi kartınızın 10 hanesi (sonu 6025 ile bitiyor) ve dönem içi
harcama tutarınız (1.648,88TL) gibi bilgiler mevcut. Bu bilgiler doğruysa
kredi kartınızı iptal ettirip yenisini çıkartmak isteyebilirsiniz.

Saygılarımla,
Alper Başaran


On Mon, Jan 23, 2017 at 9:15 AM, Alper Erbasi  wrote:

> Bana da gelmiş.
> Normal ve gerçek ekstrem var içinde de. :)
>
>
> 23 Oca 2017 Pzt, saat 10:09 tarihinde Ibrahim AKSIT <
> ibrahimak...@gmail.com> şunu yazdı:
>
>> Merhaba arkadaşlar,
>>
>> Bana gönderilen bir e-posta hakkındaki HEADER bilgilerini de içeren
>> detaylar aşağıda verilmiştir. garanti.com.tr'den gelmiş gibi
>> göstermişler.
>> Ekte de BonusCardEkstre.pdf dosyası mevcut.
>> Bu konuda değerli fikirlerinizi paylaşırsanız çok memnun olurum.
>> Herkese iyi günler iyi çalışmalar dilerim.
>>
>> Delivered-To: ibrahimak...@gmail.com
>>
>> Received: by 10.103.126.80 with SMTP id z77csp1048543vsc;
>>
>> Sun, 22 Jan 2017 20:59:19 -0800 (PST)
>>
>> X-Received: by 10.28.234.193 with SMTP id g62mr11492584wmi.36.1485147559648;
>>
>> Sun, 22 Jan 2017 20:59:19 -0800 (PST)
>>
>> Return-Path: 
>>
>> Received: from emailbulk.garanti.com.tr (emailbulk.garanti.com.tr. 
>> [194.29.215.157])
>>
>> by mx.google.com with ESMTP id 
>> m73si12781865wmg.161.2017.01.22.20.59.19
>>
>> for ;
>>
>> Sun, 22 Jan 2017 20:59:19 -0800 (PST)
>>
>> Received-SPF: neutral (google.com: 194.29.215.157 is neither permitted nor 
>> denied by best guess record for domain of i...@bonuscard.com.tr) 
>> client-ip=194.29.215.157;
>>
>> Authentication-Results: mx.google.com;
>>
>>spf=neutral (google.com: 194.29.215.157 is neither permitted nor 
>> denied by best guess record for domain of i...@bonuscard.com.tr) 
>> smtp.mailfrom=i...@bonuscard.com.tr
>>
>> Message-ID: 
>>
>> MIME-Version: 1.0
>>
>> From: BonusCard 
>>
>> To: ibrahimak...@gmail.com
>>
>> Reply-To: nore...@garanti.com.tr
>>
>> Date: 23 Jan 2017 07:59:17 +0300
>>
>> Subject: Bonus Hesap Özeti (TL) - Ocak
>>
>> Content-Type: multipart/mixed; 
>> boundary=--boundary_86046_3ac1ad3d-fbb0-41a9-a8ae-74938528ca10
>>
>>
>>
>> boundary_86046_3ac1ad3d-fbb0-41a9-a8ae-74938528ca10
>>
>> Content-Type: text/html; charset=utf-8
>>
>> Content-Transfer-Encoding: base64
>>
>>
>>
>> PGh0bWw+DQogIDxoZWFkPg0KICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29u
>>
>> dGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi0xNiI+DQogICAgPHRpdGxlPkJvbnVzIEhlc2Fw
>>
>> IMOWemV0aSAoVEwpIC0gT2NhazwvdGl0bGU+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVu
>>
>> dC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktOSI+DQogIDwvaGVh
>>
>> ZD4NCiAgPGJvZHkgc3R5bGU9ImJhY2tncm91bmQtY29sb3I6ICMyMWFmMDAiPg0KICAgIDxkaXYg
>>
>> c3R5bGU9ImJhY2tncm91bmQtY29sb3I6ICMyMWFmMDA7IHBhZGRpbmc6MzBweDsgbWFyZ2luOjAg
>>
>> YXV0bzsiPg0KICAgICAgPHRhYmxlIGFsaWduPSJjZW50ZXIiIHdpZHRoPSI2MzkiIGNlbGxwYWRk
>>
>> aW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgc3R5bGU9IndpZHRoOiA2MzlweDsgYmFja2dyb3VuZC1j
>>
>> b2xvcjojZmZmZmZmOyI+DQogICAgICAgIDx0cj4NCiAgICAgICAgICA8dGQgY29sc3Bhbj0iMyIg
>>
>> c3R5bGU9InBhZGRpbmc6IDA7IG1hcmdpbjogMDsiPjxpbWcgdXNlbWFwPSIjbWFwMSIgc3R5bGU9
>>
>> ImRpc3BsYXk6IGJsb2NrIiBib3JkZXI9IjAiIHdpZHRoPSI2MzkiIGhlaWdodD0iMTA1IiBhbHQ9
>>
>> IkJvbnVzIC0gSGVzYXAgw5Z6ZXRpIiBzcmM9Imh0dHA6Ly9hc3NldHMuYm9udXMuY29tLnRyL2Fw
>>
>> cHMvZS1la3N0cmUvaW1hZ2VzL2hlYWRlci5qcGciPjwvdGQ+DQogICAgICAgIDwvdHI+DQogICAg
>>
>> ICAgIDx0cj4NCiAgICAgICAgICA8dGQgc3R5bGU9IndpZHRoOiAyNXB4OyBiYWNrZ3JvdW5kLWNv
>>
>> bG9yOiAjZmZmZmZmOyI+PGltZyBzdHlsZT0iZGlzcGxheTogYmxvY2siIGJvcmRlcj0iMCIgd2lk
>>
>> dGg9IjI1IiBhbHQ9IiIgc3JjPSJodHRwOi8vYXNzZXRzLmJvbnVzLmNvbS50ci9hcHBzL2UtZWtz
>>
>> dHJlL2ltYWdlcy9zcGFjZS5naWYiPjwvdGQ+DQogICAgICAgICAgPHRkIHN0eWxlPSJ3aWR0aDog
>>
>> NTkzcHg7IGJhY2tncm91bmQtY29sb3I6ICNmZmZmZmY7IHBhZGRpbmctdG9wOiAzNXB4OyBwYWRk
>>
>> aW5nLWJvdHRvbTogMjBweDsgZm9udC1mYW1pbHk6IFZlcmRhbmE7IGNvbG9yOiAjNTk1OTU5OyI+
>>
>> DQogICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOjE0cHg7IG1hcmdpbi1yaWdodDowOyBt
>>
>> YXJnaW4tdG9wOjA7IG1hcmdpbi1sZWZ0OjA7IG1hcmdpbi1ib3R0b206MTVweDsgcGFkZGluZzow
>>
>> OyI+DQogICAgICAgICAgICAgICAgICBTYXnEsW4gxLBCUkFIxLBNIEFLxZ7EsFQsDQogICAgICAg
>>
>> ICAgICAgICAgPC9wPg0KICAgICAgICAgICAgPHAgc3R5bGU9ImZvbnQtc2l6ZToxMnB4OyBtYXJn
>>
>> aW46MDsgcGFkZGluZzowOyI+PHNwYW4gc3R5bGU9ImNvbG9yOnJlZDsiPjU1NDkgNjAqKiAqKioq
>>
>>

[NetsecTR] Garanti Bankası Ekstre -eposta hakkında

2017-01-22 Başlik Ibrahim AKSIT 
Merhaba arkadaşlar,

Bana gönderilen bir e-posta hakkındaki HEADER bilgilerini de içeren
detaylar aşağıda verilmiştir. garanti.com.tr'den gelmiş gibi göstermişler.
Ekte de BonusCardEkstre.pdf dosyası mevcut.
Bu konuda değerli fikirlerinizi paylaşırsanız çok memnun olurum.
Herkese iyi günler iyi çalışmalar dilerim.

Delivered-To: ibrahimak...@gmail.com
Received: by 10.103.126.80 with SMTP id z77csp1048543vsc;
Sun, 22 Jan 2017 20:59:19 -0800 (PST)
X-Received: by 10.28.234.193 with SMTP id g62mr11492584wmi.36.1485147559648;
Sun, 22 Jan 2017 20:59:19 -0800 (PST)
Return-Path: 
Received: from emailbulk.garanti.com.tr (emailbulk.garanti.com.tr.
[194.29.215.157])
by mx.google.com with ESMTP id m73si12781865wmg.161.2017.01.22.20.59.19
for ;
Sun, 22 Jan 2017 20:59:19 -0800 (PST)
Received-SPF: neutral (google.com: 194.29.215.157 is neither permitted
nor denied by best guess record for domain of i...@bonuscard.com.tr)
client-ip=194.29.215.157;
Authentication-Results: mx.google.com;
   spf=neutral (google.com: 194.29.215.157 is neither permitted
nor denied by best guess record for domain of i...@bonuscard.com.tr)
smtp.mailfrom=i...@bonuscard.com.tr
Message-ID: 
MIME-Version: 1.0
From: BonusCard 
To: ibrahimak...@gmail.com
Reply-To: nore...@garanti.com.tr
Date: 23 Jan 2017 07:59:17 +0300
Subject: Bonus Hesap Özeti (TL) - Ocak
Content-Type: multipart/mixed;
boundary=--boundary_86046_3ac1ad3d-fbb0-41a9-a8ae-74938528ca10

boundary_86046_3ac1ad3d-fbb0-41a9-a8ae-74938528ca10
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

PGh0bWw+DQogIDxoZWFkPg0KICAgIDxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29u
dGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi0xNiI+DQogICAgPHRpdGxlPkJvbnVzIEhlc2Fw
IMOWemV0aSAoVEwpIC0gT2NhazwvdGl0bGU+DQogICAgPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVu
dC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9aXNvLTg4NTktOSI+DQogIDwvaGVh
ZD4NCiAgPGJvZHkgc3R5bGU9ImJhY2tncm91bmQtY29sb3I6ICMyMWFmMDAiPg0KICAgIDxkaXYg
c3R5bGU9ImJhY2tncm91bmQtY29sb3I6ICMyMWFmMDA7IHBhZGRpbmc6MzBweDsgbWFyZ2luOjAg
YXV0bzsiPg0KICAgICAgPHRhYmxlIGFsaWduPSJjZW50ZXIiIHdpZHRoPSI2MzkiIGNlbGxwYWRk
aW5nPSIwIiBjZWxsc3BhY2luZz0iMCIgc3R5bGU9IndpZHRoOiA2MzlweDsgYmFja2dyb3VuZC1j
b2xvcjojZmZmZmZmOyI+DQogICAgICAgIDx0cj4NCiAgICAgICAgICA8dGQgY29sc3Bhbj0iMyIg
c3R5bGU9InBhZGRpbmc6IDA7IG1hcmdpbjogMDsiPjxpbWcgdXNlbWFwPSIjbWFwMSIgc3R5bGU9
ImRpc3BsYXk6IGJsb2NrIiBib3JkZXI9IjAiIHdpZHRoPSI2MzkiIGhlaWdodD0iMTA1IiBhbHQ9
IkJvbnVzIC0gSGVzYXAgw5Z6ZXRpIiBzcmM9Imh0dHA6Ly9hc3NldHMuYm9udXMuY29tLnRyL2Fw
cHMvZS1la3N0cmUvaW1hZ2VzL2hlYWRlci5qcGciPjwvdGQ+DQogICAgICAgIDwvdHI+DQogICAg
ICAgIDx0cj4NCiAgICAgICAgICA8dGQgc3R5bGU9IndpZHRoOiAyNXB4OyBiYWNrZ3JvdW5kLWNv
bG9yOiAjZmZmZmZmOyI+PGltZyBzdHlsZT0iZGlzcGxheTogYmxvY2siIGJvcmRlcj0iMCIgd2lk
dGg9IjI1IiBhbHQ9IiIgc3JjPSJodHRwOi8vYXNzZXRzLmJvbnVzLmNvbS50ci9hcHBzL2UtZWtz
dHJlL2ltYWdlcy9zcGFjZS5naWYiPjwvdGQ+DQogICAgICAgICAgPHRkIHN0eWxlPSJ3aWR0aDog
NTkzcHg7IGJhY2tncm91bmQtY29sb3I6ICNmZmZmZmY7IHBhZGRpbmctdG9wOiAzNXB4OyBwYWRk
aW5nLWJvdHRvbTogMjBweDsgZm9udC1mYW1pbHk6IFZlcmRhbmE7IGNvbG9yOiAjNTk1OTU5OyI+
DQogICAgICAgICAgICA8cCBzdHlsZT0iZm9udC1zaXplOjE0cHg7IG1hcmdpbi1yaWdodDowOyBt
YXJnaW4tdG9wOjA7IG1hcmdpbi1sZWZ0OjA7IG1hcmdpbi1ib3R0b206MTVweDsgcGFkZGluZzow
OyI+DQogICAgICAgICAgICAgICAgICBTYXnEsW4gxLBCUkFIxLBNIEFLxZ7EsFQsDQogICAgICAg
ICAgICAgICAgPC9wPg0KICAgICAgICAgICAgPHAgc3R5bGU9ImZvbnQtc2l6ZToxMnB4OyBtYXJn
aW46MDsgcGFkZGluZzowOyI+PHNwYW4gc3R5bGU9ImNvbG9yOnJlZDsiPjU1NDkgNjAqKiAqKioq
IDYwMjU8L3NwYW4+IG5vbHUgPHN0cm9uZz5Cb251czwvc3Ryb25nPid1bnV6IGlsZSBpbGdpbGkg
w7Z6ZXQgYmlsZ2lsZXJpIGHFn2HEn8SxZGEsPGJyPmVrc3RyZSBkZXRheWxhcsSxbsSxesSxIGVr
dGUgYnVsYWJpbGlyc2luaXouDQogICAgICAgICAgICAgICAgPC9wPg0KICAgICAgICAgIDwvdGQ+
DQogICAgICAgICAgPHRkIHN0eWxlPSJ3aWR0aDogMjFweDsgYmFja2dyb3VuZC1jb2xvcjogI2Zm
ZmZmZjsiPjxpbWcgc3R5bGU9ImRpc3BsYXk6IGJsb2NrIiBib3JkZXI9IjAiIHdpZHRoPSIyMSIg
YWx0PSIiIHNyYz0iaHR0cDovL2Fzc2V0cy5ib251cy5jb20udHIvYXBwcy9lLWVrc3RyZS9pbWFn
ZXMvc3BhY2UuZ2lmIj48L3RkPg0KICAgICAgICA8L3RyPg0KICAgICAgICA8dHI+DQogICAgICAg
ICAgPHRkIHN0eWxlPSJ3aWR0aDogMjVweDsgYmFja2dyb3VuZC1jb2xvcjogI2ZmZmZmZjsgcGFk
ZGluZzowOyBtYXJnaW46MDsiPjxpbWcgc3R5bGU9ImRpc3BsYXk6IGJsb2NrIiBib3JkZXI9IjAi
IHdpZHRoPSIyNSIgYWx0PSIiIHNyYz0iaHR0cDovL2Fzc2V0cy5ib251cy5jb20udHIvYXBwcy9l
LWVrc3RyZS9pbWFnZXMvc3BhY2UuZ2lmIj48L3RkPg0KICAgICAgICAgIDx0ZCBzdHlsZT0id2lk
dGg6IDU5M3B4OyBiYWNrZ3JvdW5kLWNvbG9yOiNmZmZmZmY7IHBhZGRpbmc6MDsgbWFyZ2luOjA7
Ij4NCiAgICAgICAgICAgIDx0YWJsZSBzdHlsZT0id2lkdGg6NTkzcHg7IHBhZGRpbmc6MDsgbWFy
Z2luOjA7IiBjZWxscGFkZGluZz0iMCIgY2VsbHNwYWNpbmc9IjAiPg0KICAgICAgICAgICAgICA8
dHI+DQogICAgICAgICAgICAgICAgPHRkIHN0eWxlPSJ3aWR0aDoxOTdweDsgcGFkZGluZy10b3A6
MTBweDsgbWFyZ2luOjA7IiB2YWxpZ249InRvcCI+DQogICAgICAgICAgICAgICAgICA8dGFibGUg
c3R5bGU9IndpZHRoOjE5N3B4OyBwYWRkaW5nOjA7IG1hcmdpbjowOyIgY2VsbHBhZGRpbmc9IjAi
IGNlbGxzcGFjaW5nPSIwIj4NCiAgICAgICAgICAgICAgICAgICAgPHRyPg0KICAgICAgICAgICAg

[NetsecTR] Yeni dolandırıcılık sistemi

2017-01-22 Başlik Bahör 
Sevgili NetSec üyeleri,

SMS ile gelen yeni bir dolandırıcılık sistemi başladı. Mail attığımızda direk 
kredi kartı bilgilerinizi almaya çalışıyor. Bilginize..





Bahar.
METU/ Ankara.-

İleri Seviye Ağ Güvenliği Eğitimi - 25-27 Ocak 2017

https://www.bgasecurity.com/egitim-takvimi/

-