[Dshield] Banks Openly Inviting Email Fraud

Samantha Fetter sama at snowplow.org
Mon Feb 23 21:49:57 GMT 2004


Good post, Jon.  Wow...

I knew I had recently received an email from Capital One regarding my
online statement being ready....

Return-Path: <service at capitalone.bfi0.com>
Received: from bigfootinteractive.com (arm110.bigfootinteractive.com
[206.132.3.110])
From: Capital One <capitalone at capitalone.bfi0.com>

I was a bit shocked to see it so skewed.

Thanks,
Samantha


> It deeply concerns me how many financial institutions, especially banks, are leaving
> themselves wide open to email fraud. In fact, they are training their users to accept
> as legitimate, email that under most circumstances would be clearly red-flagged as
> potentially fraudulent.
<snip>
> Does all the email you receive from various financial institutions have "Received:"
> headers that provide verifiable information? Do all the URLs in these messages
> use hostnames that are that of the financial institution, and not IP addresses or
> those of other organizations?





More information about the list mailing list