We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Strange email
Comments
-
What mechanism requires a person sending an attack email to use something other than an email that has the same cosmetic appearance as one using this system...
Any bets on how long it will be before we hear that some scammer has done exactly that - copied the appearance of the Scottish Widows email?
The more word gets around about how wonderfully secure the (real) Scottish Widows email is the more likely the unwitting are to be taken in by a scam version of it.0 -
What do you look a there to prove the from address is genuine? Not the From line, I hope, because that's useless for the purpose.
If I have doubts over the "genuineness" of an email I will check the message source. However I don't do that for every email I receive.I'm unsure from your wording, but surely you don't mean after following the link in the email to get to the site that is pretending to be a secure messaging site, then looking at whatever source that site shows?
The full message source is available before following any link.What mechanism requires a person sending an attack email to use something other than an email that has the same cosmetic appearance as one using this system, for the sole purpose of getting you to click on a link in the email?
I get the impression that it won't matter what I say, you will come up with a reason against the system. I understand your reservations over the web based system so avoid i then and use the email client system. It's much easier to use anyway.middlepuss wrote: »Any bets on how long it will be before we hear that some scammer has done exactly that - copied the appearance of the Scottish Widows email?
The more word gets around about how wonderfully secure the (real) Scottish Widows email is the more likely the unwitting are to be taken in by a scam version of it.
The financial companies are recommending the use of the Outlook/Outlook Express plugin to read the emails. There is then no html link to follow and it simply decrypts the email.0 -
I get the impression that it won't matter what I say, you will come up with a reason against the system.
Checking email source rarely helps to prove genuineness, certainly not the easy to forge From address.
I haven't done any research to find out whether the plugin also has major security flaws or not. My guess is not, because I expect it to be possible for anyone to send an email appearing to be from any address and have the plugin display them, but I don't know.middlepuss wrote: »Any bets on how long it will be before we hear that some scammer has done exactly that - copied the appearance of the Scottish Widows email?middlepuss wrote: »The more word gets around about how wonderfully secure the (real) Scottish Widows email is the more likely the unwitting are to be taken in by a scam version of it.
Scottish Widows doesn't seem to be acting in a responsible manner here.0 -
Checking email source rarely helps to prove genuineness, certainly not the easy to forge From address.
One minute you say you would check the message source to see where the link would take you and the next minute you say viewing the message source doesn't help.I haven't done any research to find out whether the plugin also has major security flaws or not. My guess is not, because I expect it to be possible for anyone to send an email appearing to be from any address and have the plugin display them, but I don't know.
So you would have to correctly guess the registered email address then guess the password? To install the plugin in the first place you have to know 4/5 pieces of information and then be able to verify that email address through them sending you an email to the registered address so you'll need the password on that account too.
Did you take up dh's offer to send you an encrypted email so you could see how it works?Add in more vulnerability to whole computer compromises with instructions to "install our new more secure email viewing plugin" that attackers will be able to use.
The plugin is provided by two major security firms who might just have a little clue about what they're doing.0 -
Viewing the message source is fine to check links, if they are readable in the source, which isn't always the case, but almost useless for verifying the from address.
Those pieces of information for the genuine plugin don't have any effect on what a fake plugin requires or what at fake email might say.
The two major security firms have a product to sell. I assume that if used as intended the product will protect the contents of genuine emails sent using it. That's not my concern, compromise of the computer receiving the email or the account details of recipients by fake emails is. This approach seems to be increasing the chance of compromise of computer or account details to gain some privacy of some individual emails. I think that's a poor bargain.0 -
Viewing the message source is fine to check links, if they are readable in the source, which isn't always the case,
Which takes us back to your point of some hacker taking you to an alternate website and downloading something to compromise your computer.
Yes the link is viewable in the message source.Those pieces of information for the genuine plugin don't have any effect on what a fake plugin requires or what at fake email might say.
The fake plugin would not be asking the security questions you have already set up at the legitimate site so you would immediately know to be wary.
And yes I have followed sensible computer security by going to the security site directly to register, download and install my plugin as opposed to simply clicking on an email link.The two major security firms have a product to sell. I assume that if used as intended the product will protect the contents of genuine emails sent using it.
That's the whole idea of it. If we are going to use electronic mail as a way forward then a more secure way must be found. Emails, as it stands, can be intercepted anywhere.That's not my concern, compromise of the computer receiving the email or the account details of recipients by fake emails is. This approach seems to be increasing the chance of compromise of computer or account details to gain some privacy of some individual emails. I think that's a poor bargain.
No account details are ever asked for unlike in internet banking where you would be giving someone access to your bank account.
Also anti-phishing modules are built into the email so that you can trust its source.
http://www.voltage.com/pdf/VoltageSecureMailDatasheet.pdf
The Unipass system works in exactly the same way. Demo here if you want to see it in use.
http://us.trendmicro.com/us/products/enterprise/email-encryption/flash-demo/index.html0 -
Also anti-phishing modules are built into the email so that you can trust its source.
http://www.voltage.com/pdf/VoltageSecureMailDatasheet.pdfIt can be made less risky if the initial email contains pre-agreed personal or other information known only to the place that sent you the email that can't possibly be guessed by a spammer. Has to be pre-agreed or it can be used by someone with stolen information who can fake it by supplying whatever genuine information they have about you to say that it's to prove it's genuine.
If you can use the image just by knowing the email address you're sending to an attacker can use it. Hopefully that's been dealt with.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards