Fishy e-mail reeks of phishing, or something worse

In a longer post to Dave Farber's List, Bob Frankston has included a very suspicious e-mail that he received (or thinks he received) from Bank of America, along with his worries and concerns that his private communications with the financial institution were seriously breached. Being the technical guy that he is, Frankston tried to diagnose the problem by dissecting the e-mail and IP diagnostic data, but only got far enough to know something is very wrong. The timing of the potentially bogus e-mail was far too coincidental, given when he originally contacted BoA about engaging in certain types of transactions (fund transfers in this case). At this point, Frankston can't even tell whether the 800-number and the name he was given to call are bogus as well. Frankston is reaching out to Netizens to get their take and to find more clues. At the end of the post, Frankston, who will usually tell you he is busy trying to fix the Internet, wrote "I’ve been mulling how to do edge-to-edge implementations in place of relying on the IP addresses but it’s been difficult to come up with an alternative to the DNS as an authoritative mapping of identifiers to IP addresses. Maybe that trust is misplaced." Perhaps so.

Talkback

12 comments
  • Reeks

    Spell-checkers don't catch homonyms.
    Yagotta B. Kidding
  • ditch dns

    I have a dns for my phone, it's called the phone book, and there are several ways that I can check if the number is legit. Static ip's rule!! It's just lousy software on the other side that makes them not so useful. The phone system has had static ip forever, it works. Let's figure out a way to keep up with changing "phone numbers"
    pesky_z
    • Not an IPv6 man I believe

      Gonna be a bit of a killer using IPv6 addresses, isn't it?

      Go to my website (got a pen)

      FEDC:BA98:7654:3210:FEDC:BA98:7654:3210

      or email me

      richard@FEDC:BA98:7654:3210:FEDC:BA98:7654:3210

      ;-)
      Richard Flude
      • don't hex me....

        somehow the phone company has managed to give
        everyone phone numbers with just the basics, 3
        digit area, 3 digit zone and 4 digit trailer, how
        can they do that? (okay so there's a country code
        as well) and amazingly people remember them....
        If you want real freedom on the web, allow
        hosting of individual sites, (unless of course you
        want to host one on your cell phone) and a slew
        of other stuff. A phone book with legitimate
        "numbers" would go a long way to killing off dns
        spoofing, phishing and a bunch of other scams, as
        well as providing some way of registering e-mail,
        and identifying the end user's location, isp etc.
        less is always more.
        pesky_z
  • You've been Outsourced

    Do a search on cashedge on Yahoo, you will find it is an outsourcing firm. Simply BofA has outsourced this function, but they do not want to tell their customers for some reason. If they have this policy, I would move my accounts to a bank that is more transparent in both the security it has implemented and what and to whom it is outsourcing to its customers, that is mandatory in today's environment.
    idragon
  • Phishing everywhere

    Actually, I received the same kind of email from "Bank of America" as a phishing attempt. The strange thing is that I don't bank there. I've never had any information there (except what Bank of America might have purchased from a third-party provider). So, I don't really think it came from their database. I think someone just sent out a bunch of emails out to everyone, figuring a good number of people actually bank there (I think it's the largest bank in America).

    There is a simple rule. Never reply to an email. Go directly to the site and contact them via their site. And don't click the email to get to the site. Go via Google or by the URL that you know to be them. Anyone who sends their checking acct. number, passwords or CC info over an insecure line is asking for trouble.
    agramont@...
  • Trust has been destroyed

    This is a serious issue for the industry. Thanks to these phishing scams, we can no longer trust ANY e-mails from banks, PayPal, or even eBay -- even if they are legitimate. While it had so much promise, e-mail is now destroyed as an interactive communication channel from service providers. And that's a shame.
    joemckendrick
  • the new tv set

    would you pay your bills on your tv? of course
    not, trust has been destroyed, and it can all be
    traced back to technology not ready for the
    masses. Remember the fate of the Edsel......
    pesky_z
  • Banking Professional Agrees About Outsourcing

    I have to agree that it appears your transfer was outsourced. A simple query of the IP address does show that it belongs to IBM, but an even simpler query for the domain name shows that cashedge.com's web site DNS is also within this range. There are contact phone numbers, a physical office address on Tasman Drive in Milpitas, California -- not far from ZDNet/CNet's offices in San Francisco -- and contact email addresses listed within this profile.

    The company's web site states that one of its banking products (TransferNow) "enables financial institutions to offer secure inter-institution funds transfer services." -- Not an unusual offering in the banking industry.

    Before wasting time trying to expose a problem, pick up the telephone and call the company in Milpitas at 408-433-2400 and express your concerns to find out if there even is a problem.

    (Incidentally, their web site shows a corporate office location in San Jose with the above phone number, but a query on AT&T's anywho.com web site shows the Milpitas address with this same phone number, so it's legit!)

    What's most disturbing to me, is the idea of receiving communication from BofA stating that the original email was a fraud. Either the staff is terribly untrained -- or there really are other issues -- but these concerns should be brought to the Bank's Security Officer (a real member of the Bank's management, not the security guard in the lobby) for follow-up.
    DigIt_z
  • so why aren't there phishing scams in the postal mail???

    because if you're caught you go up the river for
    10 to 20 for mail fraud, a federal crime.
    pesky_z
    • The irony of the information age

      Ironically, the only safe and trusted way for service providers to communicate with customers is now by postal mail, and to a more limited degree, by phone. Trust in the e-mail channel has been destroyed. Remember they were predicting electronic communications would put the post office out of business?
      joemckendrick
  • Does the telephone work?

    Don't waste time emailing businesses that are notorious for taking
    days to respond, if at all. Use the telephone and talk to a person,
    especially when your financial health is in question. Use a number
    you know is valid (back of credit card or information sent via postal
    mail) and didn't come from a random email. If you must use
    email, then only do it on an encrypted form while logged onto the
    bank's web site.
    Chiatzu