[outages] eBay password changes -- were they attacked?
Jay R. Ashworth
jra at baylink.com
Thu Apr 7 11:33:12 EDT 2016
----- Original Message -----
> From: "Joe Abley via Outages" <outages at outages.org>
> On 5 Apr 2016, at 15:29, Joe Zabramski via Outages <outages at outages.org> wrote:
>
>> I received a very similar message from Amazon on 3/7/16. Discussion boards
>> seemed to indicate it was legit, however my password was never actually changed
>> by Amazon as the e-mail indicated, nor did I ever change it manually as a
>> result.
>>
>> The e-mail also appeared legit on the headers, but now that I look at a little
>> more closely it originated from amazonses.com <http://amazonses.com/> which is
>> seems like it might be an e-mail service you can subscribe to?
>
> My assumption would have been that it was a phishing attempt, and that any
> credentials I had shared in response to the e-mail ought to be assumed
> compromised immediately.
>
> I'm not familiar with this "discussion board" approach to trusting unexpected
> requests for login details.
Well, in fairness, none of these things require you to trust anything more
than that your browser has you where the URL and certificate badge say it is.
"Amazon SES" is, of course the AWS Simple Email Service, but I don't know
if that's a valid domain for it.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
More information about the Outages
mailing list