[Dshield] Banks Openly Inviting Email Fraud
sama at snowplow.org
Mon Feb 23 21:49:57 GMT 2004
Good post, Jon. Wow...
I knew I had recently received an email from Capital One regarding my
online statement being ready....
Return-Path: <service at capitalone.bfi0.com>
Received: from bigfootinteractive.com (arm110.bigfootinteractive.com
From: Capital One <capitalone at capitalone.bfi0.com>
I was a bit shocked to see it so skewed.
> It deeply concerns me how many financial institutions, especially banks, are leaving
> themselves wide open to email fraud. In fact, they are training their users to accept
> as legitimate, email that under most circumstances would be clearly red-flagged as
> potentially fraudulent.
> Does all the email you receive from various financial institutions have "Received:"
> headers that provide verifiable information? Do all the URLs in these messages
> use hostnames that are that of the financial institution, and not IP addresses or
> those of other organizations?
More information about the list