Hi, #I know fishing mails are old news, but one of my coworkers just received #this one which is remarkable by how well worded it is and the lack of #spelling errors (at least until the last but one sentence). WAMU's special in a couple of ways: -- wamu.com appears to be refusing complaints from spamcop.net, -- unlike many other popular phishing targets (including citibank.com and ebay.com), wamu.com has yet not published SPF records: 3 % host -t txt citibank.com citibank.com text "v=spf1 a:mail.citigroup.com ip4:192.193.195.0/24 ip4:192.193. 210.0/24 ~all" 4 % host -t txt ebay.com ebay.com text "spf2.0/pra mx include:s._sid.ebay.com include:m._sid.ebay.com inc lude:p._sid.ebay.com include:c._sid.ebay.com ~all" ebay.com text "v=spf1 mx include:s._spf.ebay.com include:m._spf.ebay.com include :p._spf.ebay.com include:c._spf.ebay.com ~all" 5 % host -t txt wamu.com [nothing] We've taken to blocking a list of apparent senders that includes: account@private REJECT clients@private REJECT confirm@private REJECT css@private REJECT customer-service@private REJECT customer@private REJECT customerservice@private REJECT onlineservices@private REJECT personalbanking@private REJECT security@private REJECT service@private REJECT support@private REJECT update@private REJECT wamuonlinebanking@private REJECT however we *know* that's not a complete list. If I were WAMU, I'd be as worried about losing the ability to effectively transact business online with my customers as I would be about direct losses associated with the phishing activity. Shrug. Regards, Joe
This archive was generated by hypermail 2.1.3 : Mon Jan 17 2005 - 14:34:10 PST