RE: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?]

If not to protect them, how can you verify that a site is not being
spoofed, technically?

-----Original Message-----
From: Dean Anderson [mailto:dean@xxxxxxx] 
Sent: Sunday, December 21, 2003 7:29 PM
To: Parry Aftab
Cc: ietf@xxxxxxxx
Subject: RE: [Fwd: [isdf] need help from the ietf list...can someone
post this for me? or allow me to post directly?]

People need to rely on their common sense.  This isn't a technical
problem. It is a social engineering problem. Your best bet is to read
Kevin Mitnick's book "The Art of Deception". Of course, there will be
instances where banks will send their customers emails.  But you should
treat those emails with the same degree of caution that you treat other
communications.  People are going to buy things over the net, and they'll
also get emails with links in them.  Not all of those emails are going to
be genuine.  Not all will be fake, either.

The scenario "your account has been hacked, you need to act fast and give
out your confidential financial information" is never a realistic scenario
for a financial or other institution.  People need to know that when
someone tries to rush them, they need to be suspicious.  The communication
media format used (phone, email, physical presence) doesn't matter.  If
people are savvy enough to know that the person on the phone or at the
door might not really be from the bank, they should be savvy enough to
realize that the email they just got might not really be from the bank
either.  Common sense usually suggests the right answer to a particular
case.  But, some people are going to be duped, anyway.  People are taken
in by "Matchstick Men"  (movie with Nicolas Cage playing a con-artist)
every day.  There is nothing that can be done technically to protect them.

		--Dean

On Sun, 21 Dec 2003, Parry Aftab wrote:

> I agree. But frankly many Internet users (if not most) are already
> distrustful and at the same time we want to teach them to be cautious,
> asking them to pull a bank statement and compare telephone numbers when
> they have just been told their account has been hacked and they need to
> act fast, isn't realistic. Is it enough to say "never give out this
> information pursuant to an e-mail, or link sent to you online, or via
> phone for that matter?"
> 
> While we can always argue the societal issues, I was hoping you techies
> could help me on hard tech tips :-)
> Parry Aftab
> 
> -----Original Message-----
> From: Dean Anderson [mailto:dean@xxxxxxx] 
> Sent: Sunday, December 21, 2003 4:45 PM
> To: Mark Smith
> Cc: shogunx; franck@xxxxxxxxx; ietf@xxxxxxxx; parry@xxxxxxxxx
> Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone
> post this for me? or allow me to post directly?]
> 
> Most scams involve things that the institutions themselves would never
> do, such as calling you on the telephone or sending an email to have you
> update your confidential financial information.
> 
> The email scams are fundamentally no different from telephone scams or
> door-to-door confidence scams, where the "bank" (imposter) calls you and
> asks you for confidential information.  The real institution already has
> this information, and they don't need it again.
> 
> The question of how to verify the Website is the wrong question to ask.
> 
> Assume you can't verify it, and instead get the website address, phone
> number, etc from your genuine bank statement.  If you get something
> unusual or confusing, print it out and take it to your financial
> institution.
> 
> 		--Dean
> 
> On Sun, 21 Dec 2003, Mark Smith wrote:
> 
> > And don't trust emails asking for sensitive information. Verify their
> > requests independently via the phone, for example, and just _don't_ use
> > a phone number that is supplied in the email.
> 