[ale] OT: online banking hack

Jonathan Rickman jonathan at xcorps.net
Tue May 13 06:57:01 EDT 2003


On Tue, 13 May 2003, Raju wrote:

> 1. How many actually make sure that IP address matches the correct Domain
> Name when we enter a URL?

Most likely, this particular scam is using URL obfustication to give the
illusion that all is well with the link.

> 2. This was an example of exploiting the weakest link in security, namely
> us Humans..:-)

...and possibly another. Was this an HTML message? If so, then you should
view the source of the message, get the IP that the hyperlink really
points to, run a whois search (man whois) and forward the info on to the
owner of the netblock in question. I'd report the message itself as plain
old spam after a quick header check. If the headers reveal that the
message did indeed come from BoA's servers, it would be nice to give
them a courtesy call. I wouldn't waste too much time with the feds on this
one. You, being the apparent recipient of typical spam, will not even hit
their radar. The netblock owner (if it's an American netblock) will get
more attention and BoA (if the mail did come through their server) will
certainly garner some attention.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list