Jean-Marc Desperrier wrote: > Michael Ströder a écrit : >> [...] >> A couple of days ago I've received a phishing spam e-mail with a >> detailed description "how to accept the new more secure EV cert" of a >> banking site. Obviously the goal was to trick the user to access a >> phishing site. I didn't examine it any further. > > Michael, if you received such an email, it sounds *very* interesting and > worthy of looking exactly what kind of attack it was.
It seemed to be the usual click-here-and-enter-some-confidential-data attack. The migration to an EV cert was used as argument to convince the user to step into the trap. As said I did not examine it thoroughly. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
