lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 12 Jan 2004 17:25:52 -0800
From: Lance James <lance.james@...bone.com>
To: 'Nicholas Weaver' <nweaver@...berkeley.edu>,
	winstrel <winstrel@...ll.org>
Cc: bugtraq@...urityfocus.com
Subject: RE: Abuse report email for CitiBank/CitiCards?


www.securityfocus.com/infocus/1745

for a better and clear experience with Citibank folks and their responses.



-----Original Message-----
From: Nicholas Weaver [mailto:nweaver@...berkeley.edu] 
Sent: Monday, January 12, 2004 11:07 AM
To: winstrel
Cc: bugtraq@...urityfocus.com
Subject: Re: Abuse report email for CitiBank/CitiCards?

On Sat, Jan 10, 2004 at 03:36:28PM -0500, winstrel composed:
> Anyone know valid email addresses for reporting potential abuse or fraud
at
> to CitiBank.com/CitiCards.com?
> 
> I'd like to forward some fraud emails (e.g. "Please go to this link and
> enter your card number and PIN that you use for ATM access...") for their
> information, but most of the usual suspects (abuse@XXX, webmaster@XXX,
etc.)
> bounce and using their web searches or Google comes up with nothing about
> reporting this kind of thing.
> 
> Also, any recommendations for other places where such reports should be
> sent, for the general public's good (especially since companies like
> CitiBank are apparently reluctant to admit that such fraud exists)?

I had slightly better luck contacting the hosting firm which had the
corrupted site for one phishing scheme.  

However, it seems to me that the actually really is pretty much "we
just don't care" overall.  You can get a particular instance shut
down, but there doesn't seem to be a serious attempt to backtrack &
prosecute, probably becaues things just cross so many boundries of
responsibility.

-- 
Nicholas C. Weaver                                 nweaver@...berkeley.edu

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ