Re: CRIME Washington Mutual fishing mail

From: Joe St Sauver (JOE@private)
Date: Mon Jan 17 2005 - 13:56:46 PST


#I know fishing mails are old news, but one of my coworkers just received
#this one which is remarkable by how well worded it is and the lack of
#spelling errors (at least until the last but one sentence).

WAMU's special in a couple of ways:

-- appears to be refusing complaints from,

-- unlike many other popular phishing targets (including and, has yet not published SPF records:

3 % host -t txt text "v=spf1 ip4: ip4:192.193.
210.0/24 ~all"
4 % host -t txt text "spf2.0/pra mx inc ~all" text "v=spf1 mx include ~all"
5 % host -t txt

We've taken to blocking a list of apparent senders that includes:

account@private        REJECT
clients@private        REJECT
confirm@private        REJECT
css@private            REJECT
customer-service@private REJECT
customer@private       REJECT
customerservice@private REJECT
onlineservices@private REJECT
personalbanking@private REJECT
security@private       REJECT
service@private        REJECT
support@private        REJECT
update@private         REJECT
wamuonlinebanking@private REJECT

however we *know* that's not a complete list.

If I were WAMU, I'd be as worried about losing the ability to effectively
transact business online with my customers as I would be about direct
losses associated with the phishing activity.




This archive was generated by hypermail 2.1.3 : Mon Jan 17 2005 - 14:34:10 PST