Re: PSA: change your fedex.com account logins

[Dan Hollis <goemon () sasami anime net>]

The one-off email scheme is not predictable. It is randomly generated 
string of characters.

$ ./randgen
jvtMDluV0lwnlY5O

So you can totally eliminate that possibility entirely.

-Dan

On Fri, 31 May 2019, Jason Kuehl wrote:

> Is it possible, yes. I've seen it several times now at my place of work.
> Targeted attacks are a thing.
>
> On Fri, May 31, 2019 at 2:53 AM Mike Hale <eyeronic.design () gmail com> wrote:
>
> > Oh for fucks sake.
> >
> > Really?
> >
> > You two are questioning someone who subscribes to Nanog over Fedex?
> > You really think it's more likely that someone is targeting Dan Hollis
> > (whoever he is) instead of Fedex leaving something else exposed?
> >
> > On Thu, May 30, 2019 at 11:39 PM Scott Christopher <sc () ottie org> wrote:
> > > Dan Hollis wrote:
> > >
> > > Phishing scheme didn't happen.
> > >
> > > fedex has had a number of major compromises so it's not a stretch that
> > > their user database was stolen and sold to spammers.
> > >
> > >
> > > The other possibility is that your one-off email scheme is predictable,
> > and someone knows you use FedEx, and that someone is targeting specifically
> > you, and this obvious phishing email is a red herring for the exploit you
> > didn't see.
> > > Be concerned.
> > >
> > > -- S.C.
> >
> >
> >
> > --
> > 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>
>
> --
> Sincerely,
>
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.kuehl () gmail com