(no subject)

posted by [identity profile] bugshaw.livejournal.com at 10:39am on 21/10/2008
Once you click through, I expect they do, but the HTML emails rely on links to the real site. Or is this the problem, that the bank couldn't tell whether a mail client accessing the image was doing so through an official bank communication or through a phishing email? Meh.
[parent entry] [link] [parent] [reply]
ext_8103: (Default)

(no subject)

posted by [identity profile] ewx.livejournal.com at 11:15am on 21/10/2008

Oh, I see. I tend not to see linked images in emails so that part of the question hadn't occurred to me.

Here's an example of the HTTP request my mailer makes when it does download embedded images:

GET http://www.apple.com/euro/enews/images/spacer.gif HTTP/1.1
Host: www.apple.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.14eol) Gecko/20080724 Thunderbird/1.5.0.14eol
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

The only thing there that comes from the message is the image URL; a fraudster could just copy that and there'd be no way to tell what the content of the rest of the email was.

[link] [parent] [reply]

September

SunMonTueWedThuFriSat
  1
 
 2
 
 3
 
 4
 
 5
 
 6
 
7
 
 8
 
 9
 
 10
 
 11
 
 12
 
 13
 
14
 
 15
 
 16
 
 17
 
 18
 
 19
 
 20
 
21
1
 22
 
 23
 
 24
 
 25
 
 26
 
 27
 
28
 
 29
 
 30