[IP] MORE ON Bank of America vs security
Begin forwarded message:
From: John R Levine <johnl@xxxxxxxx>
Date: June 22, 2005 5:51:50 PM EDT
To: David Farber <dave@xxxxxxxxxx>
Cc: Bob Frankston <O2RMF2@xxxxxxxxxxxxxxxxxx>
Subject: Re: [IP] Bank of America vs security
Received: from pula.cashedge.com ([129.41.8.16]) by **MYMachine**
with Microsoft SMTPSVC(6.0.2600.2180);
What is "pula.cashedge.com"?
Hi, Bob. Believe it or not, that message was legitimate, not a phish.
Cashedge is a large service bureau that handles inter-account transfers
for BofA and just about every other bank in the country. I just looked up
pula.cashedge.com which is indeed at 129.41.8.16.
It's not surprising that banks outsource technical functions, but it
boggles the mind that despite the phishing epidemic, their e-mail
practices remain so sloppy. I get all sorts of mail like the one you saw
from Cashedge and their major competitor Checkfree, and if I didn't happen
to know who they are and what domains they use, I would have guessed that
they were all phishes, just like the undertrained BofA support droid who
answered your question did.
It's not just account transfers. I had a BofA credit card (which by
coincidence I cancelled this morning) and when I signed up for the
modestly useful Verified by Visa program, the confirmation message came
from cyota.com, a small Israeli company that would scream phish if I
didn't happen to know who they are because I follow the e-money
industry.
Even mail directly from a bank is hard to figure out; the mail that MBNA
sends me about my credit card comes from all sorts of names like
customercenter.net (which is Checkfree), never mbna.com. Try and guess
which of mbna-access.com and mbnaaccess.com belongs to MBNA, which to a
squatter in Australia.
Hey, banks: if you want us to tell the difference between real mail from
you and fake mail not from you, how about at least putting your own domain
on it? If bulk mailers can do it, like Doubleclick who gets customers to
delegate email.whoever.com to DCLK's mail hosts, so can you.
Regards,
John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
http://www.taugh.com
-------------------------------------
Archives at: http://www.interesting-people.org/archives/interesting-people/