
RE: Non phishing brand attacks

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Tue, 12 Sep 2006 16:35:06 -0400
To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>, <public-usable-authentication@w3.org>
Message-ID: <E1GNEyX-000393-2a@lisa.w3.org>

Agreed

 

  _____  

From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of
Hallam-Baker, Phillip
Sent: Tuesday, September 12, 2006 11:05 AM
To: public-usable-authentication@w3.org
Subject: Non phishing brand attacks

 

The message attached is not a phishing attack but it is sent with criminal
intent. The scam behind this message is an advance fee fraud. To get the car
the mark has to pay a delivery fee up front. The car will never be
delivered. The criminals will run off with the cash.

 

The point here is that we need to do more than just stop one particular form
of crime that depends on the ability to impersonate trusted parties.
Phishing is a complex crime and any solution is going to require multiple
levels. In particular we are going to need trustworthy input paths for
credentials, theft-resistant credentials and authentication of email
messages in addition to authentication of Web sites.

 

With regard to the 'workflow' issue we need to work through each attack
scenario and decide where in that attack scenario the user is most likely to
notice the authentication credentials. The most effective point of access is
probably going to be the initial email solicitation rather than the capture
site the mark visits after they have been lured in. For various tactical
issues it is best for this group to consider the Web site authentication
process before email.

 

  _____  

From:  xxx 
To: Hallam-Baker, Phillip
Subject: FW: COCACOLA PRIZE

Phillip,

 

A new twist on Phishing?

 

Scott

 

  _____  

From: coco@yahoo.com [mailto:coco@yahoo.com] 
Sent: Tuesday, September 12, 2006 7:20 AM
To:  xxx

Subject: COCACOLA PRIZE


  <http://www.hkemailotto.com/hkjh/cola_01.gif> 

  <http://www.hkemailotto.com/hkjh/cola_02.gif> 


  <http://www.hkemailotto.com/hkjh/cola_03.gif> 

  <http://www.hkemailotto.com/hkjh/cola_04.gif> 



  <http://www.hkemailotto.com/hkjh/cola_03_06.gif> 

COCA-COLA ONLINE PROMOTIONS!!!

THE COCA COLA COMPANY Hong Kong office is Giving Away 1 cars For "FREE"!!
And cash bonus of $800,000.00 
The Company is trying e-mail to e-mail advertising to introduce its
products.
The reward you received for advertising for them is a Mercedes-Benz, ML
class jeep convertible free of cost! Including cash prize of $800,000,00

To receive your free car all you need to do is send us your
1. Full name
2. Address / contact number
3. Country of origin
4. Occupation
5. Email.

Within 1 month you will receive a free car. a draw has just been concluded
in Hong Kong last weekend 
(we contacted you via your email address).

You must send your contact information to, 
ccocacolaa@excite.com or ccoca_cola@excite.com

Kind Regards,

Sandy Robert 
Sales /Marketing Manager
coca cola Asia
Hong Kong

  <http://www.hkemailotto.com/hkjh/cola_03_08.gif> 


  <http://www.hkemailotto.com/hkjh/cola_07.gif> 

  <http://www.hkemailotto.com/hkjh/cola_08.gif> 

  <http://www.hkemailotto.com/hkjh/qm.gif> 
Received on Tuesday, 12 September 2006 20:35:31 GMT
