The relationships between enterprises and their “designated agents” are often pretty murky from a customer point of view. In the old days, few people cared. But in the world of phishing, we need a lot more clarity about who is representing whom – we need to know if an offer originates from a someone legitimate or not.<\/p>\n
In this post<\/a>, Ben Laurie<\/a> shows just how hard the current identity patchwork (read “architectural black hole”<\/em>) makes it to know what is going on – even if you're one of the top Internet security people in the world. <\/p>\n Ben tells us, “O2<\/a> like phishing…”: <\/p>\n They must do, or they wouldn\u00e2\u20ac\u2122t do stupid things like this.<\/p>\n I got an email, looking just like this:<\/p>\n And it couldn\u00e2\u20ac\u2122t be easier. All you have to do is renew your contract with O2 before 31st August 2006.<\/p>\n If you choose to renew your contract for 18 months, rather than 12 then there\u00e2\u20ac\u2122s even more on offer:<\/p>\n If you prefer to talk we have a range of Talker plans with Double Minutes each month*. For example, on an Online 500 Talker plan you\u00e2\u20ac\u2122ll get 1000 minutes and 150 messages each month for \u00a335.<\/p>\n If you prefer to text we also have a range of Texter plans which offer 50% Extra Minutes and Texts each month*.<\/p>\n For example, on an Online 500 Texter plan you\u00e2\u20ac\u2122ll get 750 mins and 750 messages each month for \u00a335.<\/p>\n To see our full range of handsets and offers and to renew your contract, click here<\/a>.<\/p>\n And thanks again for choosing O2 .<\/p>\n \u00e2\u20ac The information used in this mailing is based on your contract status as at 30th April 2006. Unfortunately, if you upgraded after this date your new contract means you won\u00e2\u20ac\u2122t be eligible for these offers. Terms and conditions apply.<\/p>\n *Offer subject to ongoing connection to eligible tariff see letter for details. Promotional allowances must be used within the month. Unused allowances cannot be carried over into subsequent months.<\/p><\/div>\n OK, I removed some maybe-identifying data from the link, but you\u00e2\u20ac\u2122ll notice the link goes to http:\/\/www.o2-mail.co.uk\/<\/a>. \u00e2\u20ac\u0153Oho\u00e2\u20ac\u009d, says I, being a suspicious sort, \u00e2\u20ac\u0153that\u00e2\u20ac\u2122s not O2\u00e2\u20ac\u2122s website, I wonder who managed to register it?\u00e2\u20ac\u009d<\/p>\n Domain name: Registrant: Registrant type: Registrant\u00e2\u20ac\u2122s address: Registrant\u00e2\u20ac\u2122s agent: Relevant dates: Registration status: Name servers: Hmmm, a non-trading individual who wants to renew my phone contract, eh? Think I\u00e2\u20ac\u2122d better check that out – but what a shame, http:\/\/www.uk.uu.net\/<\/a> doesn\u00e2\u20ac\u2122t actually resolve, so looks like I\u00e2\u20ac\u2122m not talking to them. And, oh dear, Nominet are closed until Monday, so that avenue is out, too.<\/p>\n The mail itself, incidentally, purports to come from o2-email.com, a domain which they didn\u00e2\u20ac\u2122t even bother to register.<\/p>\n So, fearing nothing, I clicked on the link – which redirects me to http:\/\/www.o2renew.co.uk\/<\/a>. Here we go again.<\/p>\n
\no2-mail.co.uk<\/p>\n
\nVertis<\/p>\n
\nUK Individual<\/p>\n
\nThe registrant is a non-trading individual who has opted to have their
\naddress omitted from the WHOIS service.<\/p>\n
\nMCI Worldcom Ltd [Tag = UUNETPIPEX]
\nURL: http:\/\/www.uk.uu.net\/<\/a><\/p>\n
\nRegistered on: 01-Aug-2003
\nRenewal date: 01-Aug-2007
\nLast updated: 04-Aug-2003<\/p>\n
\nRegistered until renewal date.<\/p>\n
\nns0-o.dns.pipex.net
\nns1-o.dns.pipex.net<\/p><\/div>\n