
RE: Non phishing brand attacks

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Tue, 12 Sep 2006 16:35:06 -0400
To: "'Hallam-Baker, Phillip'" <pbaker@verisign.com>, <public-usable-authentication@w3.org>
Message-ID: <E1GNEyX-000393-2a@lisa.w3.org>



From: public-usable-authentication-request@w3.org
[mailto:public-usable-authentication-request@w3.org] On Behalf Of
Hallam-Baker, Phillip
Sent: Tuesday, September 12, 2006 11:05 AM
To: public-usable-authentication@w3.org
Subject: Non phishing brand attacks


The message attached is not a phishing attack but it is sent with criminal
intent. The scam behind this message is an advance fee fraud. To get the car
the mark has to pay a delivery fee up front. The car will never be
delivered. The criminals will run off with the cash.


The point here is that we need to do more than just stop one particular form
of crime that depends on the ability to impersonate trusted parties.
Phishing is a complex crime and any solution is going to require multiple
levels. In particular we are going to need trustworthy input paths for
credentials, theft resistant credentials and authentication of email
messages in addition to authentication of Web sites.


With regard to the 'workflow' issue we need to work through each attack
scenario and decide where in that attack scenario the user is most likely to
notice the authentication credentials. The most effective point of access is
probably going to be the initial email solicitation rather than the capture
site the mark visits after they have been lured in. For various tactical
issues it is best for this group to consider the Web site authentication
process before email.



From:  xxx 
To: Hallam-Baker, Phillip



A new twist on Phishing?





From: coco@yahoo.com [mailto:coco@yahoo.com] 
Sent: Tuesday, September 12, 2006 7:20 AM
To:  xxx








THE COCA COLA COMPANY Hong Kong office is Giving Away 1 cars For "FREE"!!
And cash bonus of $800,000.00 
The Company is trying e-mail to e-mail advertising to introduce its
The reward you received for advertising for them is a Mercedes-Benz, ML
class jeep convertible free of cost! Including cash prize of $800,000,00

To receive your free car all you need to do is send us your
1. Full name
2. Address / contact number
3. Country of origin
4. Occupation
5. Email.

Within 1 month you will receive a free car. a draw has just been concluded
in Hong Kong last weekend 
(we contacted you via your email address).

You must send your contact information to, 
ccocacolaa@excite.com or ccoca_cola@excite.com

Kind Regards,

Sandy Robert 
Sales /Marketing Manager
coca cola Asia
Hong Kong




Received on Tuesday, 12 September 2006 20:35:31 UTC
