Encrypting transactions on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench.
-- Eugene Spafford
JaBbA's Hut

Today's Tao (Chapter 76):

A newborn is soft and tender,
A crone, hard and stiff.
Plants and animals, in life, are supple and succulent;
In death, withered and dry.
So softness and tenderness are attributes of life,
And hardness and stiffness, attributes of death.

Just as a sapless tree will split and decay
So an inflexible force will meet defeat;
The hard and mighty lie beneath the ground
While the tender and weak dance on the breeze above.
Friends and Family Login
Username

Password

Remember Me
NEW It Works!!!!

Friend or Family?
To see the stuff
hidden from the wider world,
Click Here

Contact Me

Email Me at http://xri.net/=Justin.B.Alcorn

Subscribe

Subscribe to JaBbA's Hut! Have new entries emailed to you!
Your email address:

Quicksearch

About Me

  • PGP Key Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C. Get my Key for "Justin Bradford Alcorn" from http://pgpkeys.mit.edu .

Calendar

Back September '10
Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30    

Archives

September 2010
August 2010
July 2010
Recent...
Older...

Syndicate This Blog

Blog Administration

Open login screen

Categories



All categories

History

7 days from last year...

2009/09/05 01:25 I wanted to rant....

Powered by

Serendipity PHP Weblog

Creative Commons License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

JaBbA's Hut

White Hat Liberal Geek Dad

Tuesday, May 3. 2005

Beware the replay

Phishing
American Express apparently just sent an email to some of their cardmembers that provides the perfect opportunity for a phisher to create a replay attack. They apparently tried putting some smarts behind their links but it's been demonstrated how to easily bypass their filters and send an email very similar to the following (real, but sanitized) email:


From: American Express [mailto:AmericanExpress@email2.americanexpress.com]
Sent: Monday, May 02, 2005 3:55 PM
To: someone@san.rr.com
Subject: Update Contact Information

Dear Cardmember,

Our records indicate that your billing address is no longer valid for your account ending in 82005.

Having your most updated contact information is critical to our ability to service your account and to provide you with information on important changes that impact your account.

Please take a moment to update your contact information on https://www.americanexpress.com/updatecontactinfo. If you prefer, you can copy and paste or type the URL directly into your address bar.

If you have any questions regarding this message, please call the telephone number on the back of your card for assistance from a Customer Service Representative.

Thank you for your time and continued business with American Express.

Sincerely,
American Express Customer Service

To Reply to this e-mail
Simply log in to our Secure Message Center at https://www.americanexpress.com/messagecenter and send your inquiry via secure e-mail. If clicking on this link does not work, please cut and paste it into the "address" bar of a new browser window. This e-mail was sent from a notification-only address that cannot accept incoming e-mail.

Notice About Servicing E-mails
This e-mail was sent to you by American Express Customer Service to provide important information about your account and/or online products and services for which you are registered. You may receive customer service e-mails even if you have requested not to receive e-mail marketing offers from American Express.

Privacy Statement
For details on our e-mail practices, please visit the American Express Privacy Statement at http://www.americanexpress.com/privacy.

AGNEUATH0003001


Wow. Invisible tracking links that determine whether the user read the email. Links that actually connect to a different URL than advertised.

All the classic scam techniques, demonstrated by a big, trusted company.
Posted by JaBbA in Phishing at 15:25 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 
Please send a whole bunch of email to johnny@jalcorn.net