[Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]
Thierry Moreau
thierry.moreau at connotech.com
Wed Apr 23 12:35:08 EDT 2008
Arshad Noor wrote:
>
>> Fascinating!
>>
>> This may be the first phishing e-mail I've seen that uses
>> a message related to digital certificates for attacking the
>> client; I am not a customer of Comerica.
>>
I did notice this reference to certificates in the phishing blabla message.
I checked very quickly at comerica.com, they don't seem to use client PK
pairs (nor certificates), merely the usual name/password authentication.
If the target financial institution was using client authentication, it
would be interesting to see phishing scenario details, but that's not
the case until shown otherwise.
I'm not impressed by the phisher blabla message.
--
- Thierry Moreau
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list