[Dshield] Banks Openly Inviting Email Fraud

vern@flowersofhappiness.com vern at flowersofhappiness.com
Tue Feb 24 00:51:15 GMT 2004


> Samantha Fetter wrote:
>>
>> Good post, Jon.  Wow...
>>
>> I knew I had recently received an email from Capital One regarding my
>> online statement being ready....
>>
>> Return-Path: <service at capitalone.bfi0.com>
>> Received: from bigfootinteractive.com (arm110.bigfootinteractive.com
>> [206.132.3.110])
>> From: Capital One <capitalone at capitalone.bfi0.com>
>>
>> I was a bit shocked to see it so skewed.
>>
>> Thanks,
>> Samantha
>>
> Samantha,
>
> A couple of questions:
>  1) After having received the above email, if the message had contained
>     a link to go check your online statement, would you have clicked on
>     it without giving it a second thought?
>
>  2) If the link that you clicked on had prompted you to enter your name,
>     credit card number, and PIN in order to access your online statement,
>     would you have done so without giving it a second thought?
>
> Even if you hesitated to do so, imagine how many people would have readily
> entered that information without giving any consideration to the potential
> consequences of having done so! Especially, if they just received a prompt
> dialog box with no URLs or anything else that may give an indication of a
> bogus URL in action.
>
> Thank you for helping me illustrate my point!
>
> Jon
> --
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214


All this stuff will be gone in a few years.  Currently the internet is
experiencing growing pains.  As things like IPv4 get phased out and IPv6
get phased in you'll start to see some RFCs change, and instead of
having the from: address in an email being nothing more than a user
entered variable, you will start to see required checks made checking the
domain name it was sent from using reverse DNS lookups.  I.e., I send mail
from my domain flowersofhappiness.com and put in badguy at badguys.net as the
from: address, and the mail server routing it gets the message, stores my
IP, does a reverse DNS lookup, and if the domain name in my from: address
doesn't match the DNS lookup of my IP then it just bounces it.

It's all temporary.

Just hang tight for another few years :)

Sky
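
The check proposed in the message above, run over the headers quoted earlier in the thread. This is an added example, not part of the original post; the function names, the `resolve_ptr` hook and the two-label domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the headers quoted earlier in the thread, with the
# archive's " at " obfuscation written back as "@".
QUOTED_HEADERS = (
    "Return-Path: <service@capitalone.bfi0.com>\n"
    "Received: from bigfootinteractive.com (arm110.bigfootinteractive.com\n"
    " [206.132.3.110])\n"
    "From: Capital One <capitalone@capitalone.bfi0.com>\n"
    "\n"
)

# "(ptr-name [ip])" as the receiving server records it in Received:
PEER_RE = re.compile(r"\(\s*(?P<ptr>[\w.-]+)\s+\[(?P<ip>[0-9.]+)\]\s*\)")


def org_domain(host):
    """Assumption: the last two labels stand in for the organizational
    domain; a production check would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_from_against_ptr(raw, resolve_ptr=None):
    """Compare the From: domain with the reverse-DNS name of the sending IP.

    resolve_ptr(ip) is a hypothetical hook for a live PTR lookup; without
    it, the name already recorded in the Received: header is used.
    """
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1]
    received = " ".join(msg.get("Received", "").split())  # unfold header
    peer = PEER_RE.search(received)
    if "@" not in addr or peer is None:
        return {"verdict": "unverifiable", "from": addr, "ptr": None}
    ptr = resolve_ptr(peer["ip"]) if resolve_ptr else peer["ptr"]
    from_domain = addr.rpartition("@")[2]
    ok = org_domain(from_domain) == org_domain(ptr)
    return {"verdict": "accept" if ok else "bounce",
            "from": org_domain(from_domain), "ptr": org_domain(ptr)}


if __name__ == "__main__":
    print(check_from_against_ptr(QUOTED_HEADERS))
```

On the quoted headers the verdict is `bounce`: the From: domain is under bfi0.com while the sending host's name is under bigfootinteractive.com.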



