[Dshield] Banks Openly Inviting Email Fraud

Samantha Fetter sama at snowplow.org
Tue Feb 24 04:07:49 GMT 2004


Jon,

I never open the email, I just logon to capitalone.com to look at it :)
Nor would I had done any of the other stuff.

But, I'm also not the average user, I'm a Systems Engineer who handles
a major company's firewall/internet/extranets/proxies and then some
infrastructure... so I know better :)

But it certainly helped to illustrate your point, which was also why I
posted it.  I will most certainly be contacting them regarding this and
pursue it as much as I can.  It's really incredible as you point out that
a financial institution would do this.

Thanks again,
Samantha

> A couple of question:
>  1) After having received the above email, if the message had contained
>     a link to go check your online statement, would you have clicked on
>     it without giving it a second thought?
>
>  2) If the link that you clicked on had prompted you to enter your name,
>     credit card number, and PIN in order to access your online statement,
>     would you have done so without giving it a second thought?
>
> Even if you hesitated to do so, imagine how many people would have readily
> entered that information without giving any consideration to the potential
> consequences of having done so! Especially, if they just received a prompt
> dialog box with no URLs or anything else that may give an indication of a
> bogus URL in action.
>
> Thank you for helping me illustrate my point!





More information about the list mailing list