"Legit" in this particular instance is open to interpretation. :-(
The mail isn't from BofA. The mail is from CheckFree Inc.
Which is a legit banking company, but it isn't BofA.
So they are lying in the From address about who they are. In that sense,
the mail is a spoof.
On the other hand, it doubtless relates to some transaction on a BofA
account, and in that sense is somewhat legit. And they probably used the
BofA in the From so Joe Average would "know" that it was a legit mail, and
not from some company he never heard of.
Sigh.
Loren
----- Original Message -----
From: "qqqq" <[EMAIL PROTECTED]>
To: "Kelson Vibber" <[EMAIL PROTECTED]>; "SpamAssassin Users"
<users@spamassassin.apache.org>
Sent: Thursday, September 21, 2006 7:40 PM
Subject: Re: 70_sare_spoof.cf False Pos - Bank of America
*sigh* Assuming this really is legit... I hate it when prime phishing
targets decide to make things easier for the phishers by making their
own mail look suspicious, thereby training users to ignore warning signs.
My "favorite" (and I use that term loosely) is Symantec -- a computer
security company -- which sends things like upgrade offers through
bluehornet.com.
Yea..it's legit. I checked the links and it was certainly them and the
numbers in the emailing matched my info.
B
