On 2016-04-14 11:45, Eric Henson wrote:
> The bank emails I receive usually include a piece of information they know
> about me (last 4 of account number or similar) to prove it's really from the
> bank.

While this helps against general phishing, this leaves users vulnerable to targeted attacks. Consider an attack that starts with a compromised database that includes your real name, email address and credit card; this would be enough to determine which bank issued the card/account and create a plausible-looking phish including your name and last 4 digits.

Combined with a "https://www.bankname-online.example" type URL, it just might hit a lot of otherwise smart issues.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
