[LINK] Another phishing tale

Kim Holburn kim at holburn.net
Fri Sep 5 15:57:25 AEST 2008


I got an email from my credit union two weeks ago that I was sure was  
a phish.  I reported it to AUSCERT and they were sure too.  Then after  
communicating with the aforesaid company it turns out that the email  
was genuine and really was from my credit union.  It's very sad that  
this credit union doesn't have a clue about phishing and would send  
out emails that are virtually indistinguishable from phishing emails.

Banks are in a quandary these days.  If they do want to send customers  
emails what do they do?  I suggested to them they could digitally sign  
their emails or they could use their own messaging system that you get  
when you log in to their web site (much as I hate web based messaging  
systems).

I don't know that they understood about the digital signatures.

On 2008/Sep/05, at 2:57 AM, Rick Welykochy wrote:

> Hi Linkers,
>
> Here is a spooky phishing incident. I have been expecting a telegraphic
> transfer of funds from overseas. It arrived today in my Westpac account.
>
> Within five minutes of the funds arriving I received a phishing email
> personally addressed to me claiming to be from the Westpac Bank. It was
> a fake but look at the headers:
>
> To: rick at praxis.com.au
> Subject: money transfer
> From: Westpac Bank <moneytransfer at westpac.co.nz>
>
> I have never seen a phish like this one before. So it was an amazing
> coincidence to receive it just when it suited my personal circumstances.
>
> This is how the social engineering aspect works: send out millions of
> phishes and one is bound to apply exactly to someone's current
> circumstances, i.e. like the eBay phish I fell for a couple weeks back.
>
> I believe that a certain email client from a certain megacorporation
> would display the from line about as follows:
>
> From: Westpac Bank
>
> which makes it all the more insidious.
>
> cheers
> rickw
>
>
> -- 
> ________________________________________________________________
> Rick Welykochy || Praxis Services || Internet Driving Instructor
>
> For every complex problem, there is a solution that is simple, neat, and wrong.
>      -- H.L. Mencken
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961





