[Fwd: Secure Server e-Cert & Developer e-Cert. Comerica TM Connect Web Bank]

Thierry Moreau thierry.moreau at connotech.com
Wed Apr 23 12:35:08 EDT 2008

Arshad Noor wrote:
>> Fascinating!
>> This may be the first phishing e-mail I've seen that uses
>> a message related to digital certificates for attacking the
>> client; I am not a customer of Comerica.

I did notice this reference to certificates in the phishing blabla message.

I checked very quickly at comerica.com, they don't seem to use client PK 
pairs (nor certificates), merely the usual name/password authentication.

If the target financial institution was using client authentication, it 
would be interesting to see phishing scenario details, but that's not 
the case until shown otherwise.

I'm not impressed by the phisher blabla message.


- Thierry Moreau

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list