lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20030623170254.GA28739@squirrelsoup.net>
From: f0x at squirrelsoup.net (Gabe Arnold)
Subject: Implications of outsourcing email

I got this too, and agree it looks sketchy, pehaps someone got hold of their list and wants to see what e-mails are still 'alive'? And 
what people are prone to click on everything they see.

--gabe

* rajesh (secvar72@...mail.com) wrote:
> In spite of all the trust implications in outsourcing e-mail 
> communications, why would any company use a 3rd party mail service 
> provider, especially, to sent a "E-Mail hoax notification"?
> 
> How would one distinguish the original fraudulent email from this real 
> alert email? Return address does not point to BestBuy, the URL's don't 
> point to BestBuy.
> 
> (If I click thru some of this potentially spam-like links I do reach 
> BestBuy page with the real warning. But the fraudulent mail had the same 
> features.)
> 
> Rva
> 
> 
> 
> -------- Original Message --------
> 
> Received: from mailer13.postfuture.com ([64.5.35.13]) by 
> mc5-f30.law1.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);	 
> Sat, 21 Jun 2003 07:22:02 -0700
> Received: from postfuture.com (64.5.35.58)  by mailer13.postfuture.com 
> with SMTP; 21 Jun 2003 09:35:26 -0600
> Message-Id: <28743v$11eslg@...nport.postfuture.com>
> To: XXXXXX
> From: Best Buy <bestbuysecurityinfo@...tfuture.com>
> Subject: Official Notification from Best Buy
> Reply-To: Best Buy <bestbuysecurityinfo@...tfuture.com>
> Errors-To: PPBounces@...tfuture.com
> X-PF-ERID: 387;;54254944
> MIME-Version: 1.0
> Content-Type: multipart/alternative;	boundary="----+PF_NextPart1"
> Return-Path: bestbuysecurityinfo@...tfuture.com
> X-OriginalArrivalTime: 21 Jun 2003 14:22:02.0958 (UTC) 
> FILETIME=[7C178EE0:01C33800]
> Date: 21 Jun 2003 07:22:02 -0700
> 
> *******************************************************
> IMPORTANT E-MAIL HOAX NOTIFICATION
> *******************************************************
> 
> Late Wednesday afternoon, June 18, 2003,
> Best Buy became aware of an unauthorized and
> deceptive e-mail to consumers titled "Fraud Alert."
> That e-mail message, which requested personal information
> (i.e., social security and credit card numbers), claimed to
> come from the BestBuy.com Fraud Department. That
> message was NOT from Best Buy or any of our affiliates.
> 
> Best Buy is working with the appropriate law enforcement
> authorities to quickly resolve the situation. We are working
> to shut down sites affiliated with that unauthorized e-mail and
> Best Buy
> will work with law enforcement authorities to prosecute any
> perpetrators involved in this illegal act to the fullest extent
> of the law. If you replied to the fraudulent e-mail in any way,
> contact your bank and/or credit card companies immediately.
> 
> No Best Buy systems have been compromised, and our online
> business is secure. The privacy of your personal information is
> of the utmost importance to Best Buy and any information you
> provide to us is handled according to our Privacy Policy.
> To view our Privacy Policy, please visit:
> http://bestbuy.postfuture.com/P/v3/r.asp?r=T1_Url4&e=387;;54254944&a=1006
> 
> As part of the preparation for the relaunch of BestBuy.com,
> online purchasing will be temporarily unavailable beginning
> Friday, June 20; however, our product information and helpful
> resource articles will still be available. Rest assured, the
> fraudulent e-mail will not affect the launch of our
> redesigned Web site.
> 
> If you have any questions, call Customer Care at
> 1-888-BEST BUY (237-8289) or visit our Online Pressroom at:
> http://bestbuy.postfuture.com/P/v3/r.asp?r=T1_Url5&e=387;;54254944&a=1006
> 
> To find out more about protecting your information, visit the
> Federal Trade Commission's Identity Theft Web site at:
> http://bestbuy.postfuture.com/P/v3/r.asp?r=T1_Url6&e=387;;54254944&a=1006
> 
> Thank you for being a valued Best Buy customer.
> 
> 
> 
> If you've opted out of Best Buy promotional e-mails, don't worry:
> you haven't been signed up again. We just wanted to make sure
> you knew about this situation, regardless of whether you receive
> Best Buy promotional e-mails. You will NOT continue to receive
> Best Buy promotional e-mails. Thank you.
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ