Comments on: Scams - New and Not-So-New http://www.chrystalline.com/2008/02/scams-new-and-not-so-new/ The Sparkly Purple Vanilla Girl Fri, 05 Dec 2008 10:40:39 +0000 http://wordpress.org/?v=abc By: Chrystalline http://www.chrystalline.com/2008/02/scams-new-and-not-so-new/#comment-263 Chrystalline Mon, 24 Mar 2008 02:48:08 +0000 http://www.chrystalline.com/2008/02/scams-new-and-not-so-new/#comment-263 Ah, I can't believe I overlooked that! I know about SSL, and I completely forgot that part. I did forward the one I got to BOA - figured they'd want to know about it so they could take whatever steps are available to them. I didn't have the nerve to click the link, though I don't even have a BOA account to risk. Anyway, good to know I'm not the only one seeing the danger in this one. (BTW - stuck some spaces in to make it stop hyperlinking those URLs - no need to make it easy for people to blunder into it.) Ah, I can’t believe I overlooked that! I know about SSL, and I completely forgot that part. I did forward the one I got to BOA - figured they’d want to know about it so they could take whatever steps are available to them.

I didn’t have the nerve to click the link, though I don’t even have a BOA account to risk. Anyway, good to know I’m not the only one seeing the danger in this one.

(BTW - stuck some spaces in to make it stop hyperlinking those URLs - no need to make it easy for people to blunder into it.)

]]> By: Larry Killen http://www.chrystalline.com/2008/02/scams-new-and-not-so-new/#comment-262 Larry Killen Mon, 24 Mar 2008 00:15:55 +0000 http://www.chrystalline.com/2008/02/scams-new-and-not-so-new/#comment-262 I just received the BOA Cert notice. My suspicions were arroused when I noticed the URL they reference was an HTTP rather than HTTPS. ALL security type data would ALWAYS be sent over a secured socket layer. Upon examining the source, I noticed that the destination URL was not the same as the published URL. There may very well be an http: // direct-certs.bankofamerica. com/direct/certpickup.asp? but if you were to click on it (DON'T), you would go to http: // direct-certs.bankofamerica. com.avtthompson.hu.com/direct/certpickup.asp? I also examined the mail header and the mail is actually from : Received: from altern.org (unknown [37.15.39.134]) by the69vamps.com with SMTP id EVF6AO2XP7 And to top it off, I get the mail on Easter Sunday. I just received the BOA Cert notice. My suspicions were arroused when I noticed the URL they reference was an HTTP rather than HTTPS. ALL security type data would ALWAYS be sent over a secured socket layer. Upon examining the source, I noticed that the destination URL was not the same as the published URL. There may very well be an http: // direct-certs.bankofamerica. com/direct/certpickup.asp? but if you were to click on it (DON’T), you would go to http: // direct-certs.bankofamerica. com.avtthompson.hu.com/direct/certpickup.asp?

I also examined the mail header and the mail is actually from :
Received: from altern.org (unknown [37.15.39.134])
by the69vamps.com with SMTP id EVF6AO2XP7

And to top it off, I get the mail on Easter Sunday.

]]>