https://bugzilla.novell.com/show_bug.cgi?id=240162
pavel@novell.com changed:
What     | Removed                                       | Added
---------|-----------------------------------------------|-------------------------------------------
Severity | Normal                                        | Blocker
Summary  | Password expiry email is not rfc822 compliant | Password expiry email encourages phishing
------- Comment #8 from pavel@novell.com 2007-05-14 03:57 MST -------
So I got the very important email:
Subject: Urgent Spam Alert
I almost deleted it as spam. (Can whoever writes those newsletters
learn to pick a subject -- "phishers targeting eTrade financial" would
be better? Also please wrap your emails after 80 columns).
It was not spam, it was just another newsletter, telling me
"
You may have recently received an e-mail purporting to be from eTrade
Financial asking you to provide personal financial information. This
was a fake (or "spoofed") message that did not in fact originate from
eTrade.
Legitimate commercial institutions will never e-mail you and ask for
personal information in this manner. Never give out personal or
financial information when solicited for it. It is a common practice
for thieves to attempt to trick individuals into disclosing personal
or financial information by appearing to represent a legitimate
organization.
"
Ok. A respectable organization would never ask me for personal
information... would it?
Then I got this gem. Notice that it is in html, so it is almost
impossible to tell where the link would take me. Notice the funny
capitalization of the email address, and how it gives me no
choice: click on the link or we'll disconnect you. Exactly how a phisher
would phrase it, right?
From: IS&T Directory Team
Subject: Password Expiration Warning
[-- Autoview using lynx -dump '/tmp/mutt.html' --]
password self-service www.novell.com
Password Expiration Notification
Your password has expired.
You have 15 grace logins remaining.
Please change your password immediately to prevent interruption of
business services.
[1][pwbutton.gif]
[spacer.gif]
1. https://innerweb.novell.com/password/protected/password.jsp
Hmm, this is suspect, so let's view the html:
...
width="500" border="0" cellspacing="0" cellpadding="3"><tr
align="middle" valign="middle"><td align="center" class="msghead"
height="50">Your password has expired.<br>You have 15 grace logins
remaining.</td></tr><tr><td align="center" class="msgcontent"
height="75">Please change your password immediately to prevent
interruption of business services.</td></tr><tr align="middle"
valign="middle"> <td align="center" class="reg-text"><a
href="https://innerweb.novell.com/password/protected/password.jsp"
target="pwwindow"><img
src="https://innerweb.novell.com/password/public/pwbutton.gif"
border="0"></a></td></tr></table></form></div></td></tr></table></div><!--
Body Table End --><br><table width="540" border="0" cellspacing="0"
cellpadding="0" bgcolor="#000000"><tr><td><img
src="https://innerweb.novell.com/img/spacer.gif" width="100%"
height="2"></td></tr></table><br></div></body></html>
...
Whoever wrote this certainly had something to hide. (It is actually
ten times this length).
Unfortunately, this is not a scam. This is genuine email from whoever
is hiding behind "IS&T Directory Team". With teams like that, who
needs scammers?
(I made noises about this before, and I was told that everything is
okay, because the email is according to "Novell policies". "Not being
completely braindead" is apparently not one of Novell policies).
At the very least, please drop the html part. Teaching users to click
on random links in incoming html documents is a very very very bad idea.
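The check the reporter did by hand (dumping the HTML to find out where the button really points) can be automated on the receiving side. The following is an added example, not part of the bug report and not Novell's own code: it walks an HTML mail body with Python's standard-library parser and reports every link whose visible form gives the reader no way to judge the destination, i.e. image-only or empty anchors, and anchors whose visible text names a different host than the `href`. The sample body is constructed for this example (example.com and a documentation-range IP address stand in for real hosts) and only mirrors the shape of the message quoted above.

```python
"""Flag links in an HTML e-mail whose visible form hides the real target.

Added example for the bug report above; standard library only. The
sample body below is constructed and is not the original message.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkAuditor(HTMLParser):
    """Collect every <a href=...> together with what the reader actually sees."""

    def __init__(self):
        super().__init__()
        self.links = []        # finished (href, visible_text, contains_image) tuples
        self._current = None   # state while inside an <a> element

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._current = {"href": a["href"], "text": [], "image": False}
        elif tag == "img" and self._current is not None:
            # A clickable picture: the reader sees a button, not an address.
            self._current["image"] = True

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"].append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            c = self._current
            self.links.append((c["href"], "".join(c["text"]).strip(), c["image"]))
            self._current = None


def host_shown_in(text):
    """Hostname the visible anchor text appears to name, or None for plain words."""
    t = text.strip().lower()
    if "://" in t:
        return urlparse(t).hostname
    if re.fullmatch(r"[a-z0-9.-]+\.[a-z]{2,}(/\S*)?", t):
        return urlparse("http://" + t).hostname
    return None


def audit_links(html):
    """Return a list of (href, reason) for links a reader cannot verify by eye."""
    parser = LinkAuditor()
    parser.feed(html)
    findings = []
    for href, text, image in parser.links:
        real_host = urlparse(href).hostname or ""
        if not text:
            kind = "image-only link" if image else "link with no visible text"
            findings.append((href, f"{kind}: destination not visible to the reader"))
            continue
        shown = host_shown_in(text)
        if shown and shown != real_host:
            findings.append((href, f"visible text shows {shown}, link goes to {real_host}"))
    return findings


# Constructed sample modelled on the quoted notification: a picture-button
# link, a text link whose label names a different host, and an honest link.
SAMPLE_BODY = """<html><body>
<p>Please change your password immediately to prevent interruption of
business services.</p>
<a href="https://innerweb.example.com/password/protected/password.jsp" target="pwwindow">
<img src="https://innerweb.example.com/password/public/pwbutton.gif" border="0"></a>
<p>Or visit <a href="http://203.0.113.9/login">www.example.com</a></p>
<p>Help: <a href="https://www.example.com/help">https://www.example.com/help</a></p>
</body></html>"""


if __name__ == "__main__":
    for href, reason in audit_links(SAMPLE_BODY):
        print(f"{reason}\n    -> {href}")
```

A mail gateway or a user-side filter can run `audit_links` over the text/html part and either quarantine the message or append the findings as a plain-text warning; a notification that passes without findings is one where every link shows its destination in the text, which is the form the reporter asks for.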