Tag Archives: spam

ETrade: phishing or not?

Bookmark This (opens in new window)

Financial institutions are very in tune with the phishing threat and how it can damage their brand.

Or are they?

I received this e-mail from ETrade yesterday.  I’m a security expert and I recognize spam and phishing. I had to look this one over a few times to distinguish whether it was real or not.

This isn’t helping customers. Instead, it’s training them to respond to *real* phishing mail by making phishing and real messages indistinguishable.

Here is the spam – um, I mean, e-mail:

* * *

Special Pricing Expiration Notification

Your discounted commissions on stock and options trades will expire in 7 days.

You can still get extraordinary value when you trade with E*TRADE. We customize our commissions(1), making it easy to qualify for our best pricing.

If you have any questions, please call 1-800-ETRADE-1 (1-800-387-2331) or log on to your account at http://www.etrade.com and contact us through the Help Center.

View our current commission schedule (https://us.etrade.com/e/t/estation/pricing?id=1206010000)

PLEASE READ THE IMPORTANT DISCLOSURES BELOW

1. For details and additional information about our trading commissions and options contract fees, please visit http://www.etrade.com/commissions.

(c) 2007 E*TRADE Securities LLC, Member NASD/SIPC (http://www.sipc.org). All rights reserved. The information contained in this Smart Alert does not constitute a recommendation by E*TRADE Securities, and is subject to the Smart Alerts Terms and Conditions (https://us.etrade.com/e/t/estation/help?id=1209038000) and the E*TRADE Securities Customer Agreement (https://us.etrade.com/e/t/estation/help?id=1209031000). We cannot respond to e-mails sent to this mailbox. If you have questions, please contact us through the Help Center (https://us.etrade.com/e/t/estation/help?id=1203000000).

New spam: forwarded mail?

Bookmark This (opens in new window)

Starting on August 28, I’ve been getting tons of email from people I don’t know, and I wasn’t in the recipient list either.  Among the messages I received were the usual e-mail messages to groups of friends as well as e-mail from websites.  Yesterday I saw a pattern when two specific recipients’ e-mail addresses were always in the To: line.

I conducted a short experiment: I created email messages to each of the two recipients, and voila, those messages ended up in my inbox!  In both cases, the user accounts were changed to forward all e-mail to me.

Is this a new type of spam, or just coincidence?

In both cases I have sent e-mail to abuse@<domain> asking them to turn off the forwarding.  We’ll see what happens.

How Spammers Get E-Mail Addresses

Submit: Add to your del.icio.us Digg This Slashdot GotNews StumbledUpon Reddit

Some of the tools and sources employed in harvesting e-mail addresses from the Web include the following:

  • Web spiders
  • Newsgroups
  • Groups, blogs, and discussion boards
  • Test messages
  • Unsubscribe links
  • Malware
  • Unsubscribe requests
  • Buying and stealing addresses

Read entire article here

Learn more about blocking spam and spyware here

Learn more about blocking viruses here