RE: Phishing++ from michael.mccormick@wellsfargo.com on 2007-10-25 (public-wsc-wg@w3.org from October 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Thu, 25 Oct 2007 01:45:02 -0500
To: <staikos@kde.org>, <public-wsc-wg@w3.org>
Message-ID: <9D471E876696BE4DA103E939AE64164D5B82F4@msgswbmnmsp17.wellsfargo.com>

When are HTML renderers (esp. email) going to stop making hyperlinks of
the form <a href=URL1">URL2</a> clickable?  Instead of rendering it as a
regular browser hot link, clicking on it should trigger a warning
message if URL1 != URL2.

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org]
On Behalf Of George Staikos
Sent: Wednesday, October 24, 2007 11:26 PM
To: W3 Work Group
Subject: Phishing++

I just received this phish today.  I thought it was good enough to
forward on to remind us of where things are going and what we're trying
to stop:

! Importance: High
BancorpSouth Inview

IMPORTANT SECURITY NOTICE

All Users - Must Accept New Digital Security Certificate 2007 (Security
ISO 27001 Certification Consulting)

Customers of numerous banks have been victims of ACH and wire transfer
fraud in recent weeks, resulting in the origination of unauthorized ACH
entries and wire transfers from customers' computer systems.

BancorpSouth Enhanced Security Authentication We have enhanced the
BancorpSouth security access to further safeguard access to your account
information.

IT IS VITALLY IMPORTANT THAT YOU REMEMBER AT ALL TIMES THAT THE SECURITY
AND INTEGRITY OF YOUR CONFIDENTIAL INFORMATION AND CASH MANAGEMENT
APPLICATIONS DEPEND UPON YOUR OWN COMPUTER SYSTEM BEING ADEQUATELY
PROTECTED FROM OUTSIDE THREATS.

BancorpSouth now requires all InView users to enroll in our 2-way
authentication security system, Passmark.
You will be able to provide your Passmark information quickly and easily
using our secure server web form.
Please understand that without promptly providing your Passmark
information, your BancorpSouth Corporate Cash Management Online service
may be discontinued.

To update your Passmark at this time, please visit our secure server web
form by clicking the hyperlink below:

Login by clicking here: https://www.bxs.com/inview/

2007 BancorpSouth Corporate Cash Management Online Passmark Services

The real URL is: http://www.bxs.inview.session34854.certificate-
logon2007.serial61623682-0007.dre43.com/login.htm

They're getting better!  It's going to be tough to educate users  
around some of these ones.  They're even going directly after some of  
the technologies that are designed to block them.

--
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

Received on Thursday, 25 October 2007 06:45:50 UTC