- From: Dan Schutzer <dan.schutzer@fstc.org>
- Date: Tue, 12 Sep 2006 16:35:06 -0400
- To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>, <public-usable-authentication@w3.org>
- Message-ID: <E1GNEyX-000393-2a@lisa.w3.org>
Agreed _____ From: public-usable-authentication-request@w3.org [mailto:public-usable-authentication-request@w3.org] On Behalf Of Hallam-Baker, Phillip Sent: Tuesday, September 12, 2006 11:05 AM To: public-usable-authentication@w3.org Subject: Non phishing brand attacks The message attached is not a phishing attack but it is sent with criminal intent. The scam behind this message is an advance fee fraud. To get the car the mark has to pay a delivery fee up front. The car will never be delivered. The criminals will run off with the cash. The point here is that we need to do more than just stop one particular form of crime that depends on the ability to impersonate trusted parties. Phishing is a complex crime and any solution is going to require multiple levels. In particular we are going to need trustworthy input paths for credentials, theft resistant credentials and authentication of email messages in addition to authentication of Web sites. With regard to the 'workflow' issue we need to work through each attack scenario and decide where in that attack scenario the user is most likely to notice the authentication credentials. The most effective point of access is probably going to be the initial email solicitation rather than the capture site the mark visits after they have been lured in. For various tactical issues it is best for this group to consider the Web site authentication process before email. _____ From: xxx To: Hallam-Baker, Phillip Subject: FW: COCACOLA PRIZE Phillip, A new twist on Phishing? Scott _____ From: coco@yahoo.com [mailto:coco@yahoo.com] Sent: Tuesday, September 12, 2006 7:20 AM To: xxx Subject: COCACOLA PRIZE <http://www.hkemailotto.com/hkjh/cola_01.gif> <http://www.hkemailotto.com/hkjh/cola_02.gif> <http://www.hkemailotto.com/hkjh/cola_03.gif> <http://www.hkemailotto.com/hkjh/cola_04.gif> <http://www.hkemailotto.com/hkjh/cola_03_06.gif> COCA-COLA ONLINE PROMOTIONS!!! THE COCA COLA COMPANY Hong Kong office is Giving Away 1 cars For "FREE"!! And cash bonus of $800,000.00 The Company is trying e-mail to e-mail advertising to introduce its products. The reward you received for advertising for them is a Mercedes-Benz, ML class jeep convertible free of cost! Including cash prize of $800,000,00 To receive your free car all you need to do is send us your 1. Full name 2. Address / contact number 3. Country of origin 4. Occupation 5. Email. Within 1 month you will receive a free car. a draw has just been concluded in Hong Kong last weekend (we contacted you via your email address). You must send your contact information to, ccocacolaa@excite.com or ccoca_cola@excite.com Kind Regards, Sandy Robert Sales /Marketing Manager coca cola Asia Hong Kong <http://www.hkemailotto.com/hkjh/cola_03_08.gif> <http://www.hkemailotto.com/hkjh/cola_07.gif> <http://www.hkemailotto.com/hkjh/cola_08.gif> <http://www.hkemailotto.com/hkjh/qm.gif>
Received on Tuesday, 12 September 2006 20:35:31 UTC