W3C home > Mailing lists > Public > public-usable-authentication@w3.org > September 2006

Non phishing brand attacks

From: Hallam-Baker, Phillip <pbaker@verisign.com>
Date: Tue, 12 Sep 2006 08:04:45 -0700
Message-ID: <198A730C2044DE4A96749D13E167AD37D3FA66@MOU1WNEXMB04.vcorp.ad.vrsn.com>
To: <public-usable-authentication@w3.org>
The message attached is not a phishing attack but it is sent with
criminal intent. The scam behind this message is an advance fee fraud.
To get the car the mark has to pay a delivery fee up front. The car will
never be delivered. The criminals will run off with the cash.
 
The point here is that we need to do more than just stop one particular
form of crime that depends on the ability to impersonate trusted
parties. Phishing is a complex crime and any solution is going to
require multiple levels. In particular we are going to need trustworthy
input paths for credentials, theft resistant credentials and
authentication of email messages in addition to authentication of Web
sites.
 
With regard to the 'workflow' issue we need to work through each attack
scenario and decide where in that attack scenario the user is most
likely to notice the authentication credentials. The most effective
point of access is probably going to be the initial email solicitation
rather than the capture site the mark visits after they have been lured
in. For various tactical issues it is best for this group to consider
the Web site authentication process before email.

________________________________

From:  xxx 
To: Hallam-Baker, Phillip
Subject: FW: COCACOLA PRIZE


Phillip,
 
A new twist on Phishing?
 
Scott

________________________________

From: coco@yahoo.com [mailto:coco@yahoo.com] 
Sent: Tuesday, September 12, 2006 7:20 AM
To:  xxx
Subject: COCACOLA PRIZE


 <http://www.hkemailotto.com/hkjh/cola_01.gif>
<http://www.hkemailotto.com/hkjh/cola_02.gif> 	
 <http://www.hkemailotto.com/hkjh/cola_03.gif>
<http://www.hkemailotto.com/hkjh/cola_04.gif> 	
 <http://www.hkemailotto.com/hkjh/cola_03_06.gif> 	COCA-COLA ONLINE
PROMOTIONS!!!

THE COCA COLA COMPANY Hong Kong office is Giving Away 1 cars For
"FREE"!! And cash bonus of $800,000.00 
The Company is trying e-mail to e-mail advertising to introduce its
products.
The reward you received for advertising for them is a Mercedes-Benz, ML
class jeep convertible free of cost! Including cash prize of $800,000,00

To receive your free car all you need to do is send us your
1. Full name
2. Address / contact number
3. Country of origin
4. Occupation
5. Email.

Within 1 month you will receive a free car. a draw has just been
concluded in Hong Kong last weekend 
(we contacted you via your email address).

You must send your contact information to, 
ccocacolaa@excite.com or ccoca_cola@excite.com

Kind Regards,

Sandy Robert 
Sales /Marketing Manager
coca cola Asia
Hong Kong


 <http://www.hkemailotto.com/hkjh/cola_03_08.gif> 	
 <http://www.hkemailotto.com/hkjh/cola_07.gif>
<http://www.hkemailotto.com/hkjh/cola_08.gif> 	
 <http://www.hkemailotto.com/hkjh/qm.gif> 
Received on Tuesday, 12 September 2006 15:05:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:34:14 GMT