Some companies are just asking for it.
John Levine
johnl at iecc.com
Thu Jun 23 23:32:44 EDT 2005
>My girlfriend just got an (apparently legitimate from what I can tell)
>HTML email from her credit card company, complete with lots of lovely
>images and an exhortation to sign up for their new secure online
>"ShopSafe" service that apparently generates one time credit card
>numbers on the fly.
Shopsafe is rather nice. I use it all the time, and it's written in
flash which works on my FreeBSD laptop.
On the other hand, MBNA's mail practices would be laughable if they
weren't entirely in line with every other bank in the country. If you
read Dave Farber's IP list, a couple of days ago Bob Frankston sent in
an alarmed note saying that some info from his Bank of America account
had apparently been stolen and used in a phish, and I wrote to tell him
that no, the mail was real, from the service bureau they use which has
a name nobody outside the banking industry knows.
Aaron Emigh of Radix Labs wrote to tell me about a talk he gave
earlier this year at an Anti-Phishing Working Group earlier this year
on this topic, which starts with a set of examples of real bank mail
each of which looks phishier than the last.
This is 30MB due to the voiceover, but if you have a fast web
connection, it's worth running. It needs Powerpoint:
http://www.radixlabs.com/idtheft/aaron-emigh-education.pps
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list