Thread: Client Email Addresses Disclosed

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    Client Email Addresses Disclosed

    Banks are learning an age-old lesson all over again: the weakest link in security is people and not computers, as several cases of human error causing breaches of client confidentiality have highlighted.

    Investec Private Bank has sent out an e-mail accidentally disclosing the e-mail addresses of a number of its clients. This follows ITWeb's report earlier this week that First National Bank's (FNB's) Corporate BANKit division had unmasked 477 client addresses via e-mail.


    The email addresses may be more valuable to a competitor trying to steal the clients than anything else, but every little piece of seemingly innocuous information helps a social engineer out.

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Beverwijk Netherlands
    I guess they never heard of Blind Carbon Copy (BCC)

    I educate all the people that like to mail crap to me and others to NEVER add me in the CC or TO..
    only in the BCC !!!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    I think that the CC field should be dropped or be hidden by default on all mail clients.

    I hate getting emails that my email address has been copied into the CC along with others.

    Who's to blame? Most mail clients have the BCC hidden by default.
    smilies are ON

  4. #4
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    I try to tell people to always email using the BCC field, but like micky05 pointed out the BCC field tends to be hidden by default and your average user won't take the time to figure out how to enable it.

    Perhaps they should change the default behavior of the client software so that all addresses are treated as BCC by default. Then, if you have a need for others to see the addresses you have to go out of your way to consciously add them to the TO field, or something to that effect.

  5. #5
    Senior Member
    Join Date
    Feb 2002
    what is the difference between cc and bcc?
    Ron Paul: Hope for America

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Cross :
    CC = Carbon Copy ; the contents of this field will typically be visible to all the recipients of the message sent.
    BCC = Blind Carbon Copy ; the contents of this field are stripped from visibility of all the other recipients so that the addresses remain undisclosed.

    I absolutely hate it when my email address comes up in that CC field. I know that is how I've ended up on a few mailing lists due to unscrupulous practices by some rather unsavory individuals.

    "I believe that you can reach the point where there is no longer any difference between developing the habit of pretending to believe and developing the habit of believing."

  7. #7
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    All recipients can see all other recipients in the TO and CC fields. However, nobody can see the names or address information for people included in the BCC field.

    In business terms, I might send a message to Joe with tasks or action items for Joe to do. I might CC some people so that they are aware of what is going on, but so they understand the action items and tasks are not for them- they were just copied, not direct recipients.

    The BCC field sends a blind copy. You might use that if you wanted to send an email to Joe but you think Joe is a slacker- so you BCC his superior so that they know you asked Joe as well. Then you can see if Joe will do his job and his superior will know as well. That is just one example of a "legitimate" use of BCC.

    In reality it makes some sense to BCC everyone to maintain the privacy of all parties.
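
Added example, not written by any poster in this thread: a sketch of the "treat everything as BCC by default" idea for an outbound mail script, using Python's standard `email` package. The function names, the `MAX_VISIBLE` threshold and the sample addresses are assumptions made up for illustration.

```python
import copy
from email.message import EmailMessage

MAX_VISIBLE = 1  # assumed policy: more than one To/Cc address counts as a bulk mailing

def addresses(msg, *fields):
    """Bare addresses found in the named header fields of an EmailMessage."""
    return [a.addr_spec
            for field in fields
            for header in msg.get_all(field, [])
            for a in header.addresses]

def blind_by_default(msg, max_visible=MAX_VISIBLE):
    """Split a draft into (envelope recipients, message as delivered).

    Delivery is driven by the SMTP envelope (RCPT TO), not by the headers,
    so everyone still gets a copy after the headers stop naming them.
    """
    # De-duplicate while keeping order; this list goes to the mail server only.
    envelope = list(dict.fromkeys(addresses(msg, "To", "Cc", "Bcc")))
    wire = copy.deepcopy(msg)
    del wire["Bcc"]  # a Bcc header must never reach the recipients
    if len(addresses(msg, "To", "Cc")) > max_visible:
        del wire["To"]
        del wire["Cc"]
        wire["To"] = "undisclosed-recipients:;"  # empty RFC 5322 group
    return envelope, wire

# Constructed sample draft, addressed the way the thread describes.
draft = EmailMessage()
draft["From"] = "notices@bank.example"
draft["To"] = "alice@client-a.example, bob@client-b.example"
draft["Cc"] = "carol@client-c.example"
draft["Bcc"] = "audit@bank.example"
draft["Subject"] = "Service notice"
draft.set_content("Scheduled maintenance on Saturday.")

if __name__ == "__main__":
    rcpts, wire = blind_by_default(draft)
    print("RCPT TO:", rcpts)      # all four addresses still receive the mail
    print(wire.as_string())       # headers no longer list any of them
    # To send: smtplib.SMTP(host).send_message(wire, to_addrs=rcpts)
```
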
