On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:
> Joseph Brennan writes:
>
> > Do you mean attempts to get your users to send their passwords,
> > or fake mail pretending to be from banks?
>
> I mean attempts to get my users to send their passwords, are these not
> called phishing?

An important bit of information, missing from the OP. Targeted
attacks at your users, so the general phishing BLs don't really apply.

Anyway, can't you educate your users that

(a) Any administrative email will be sent from an official, well known,
internal address? That means *not* an arbitrary address. Yes, sorry,
the obvious...
(b) They will *never* ever be asked for a password by mail. Period.
Again, obvious...

Then block internal / administrative From addresses coming from any
external SMTP.

This is not a technical way of stopping these, but an educational
approach to prevent the most dumb and gross social engineering. At least
the second one actually should be well-known, and I've seen ISPs
pointing it out frequently...

guenther


--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a \x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
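The "block internal / administrative From addresses coming from any external SMTP" control from the message above, written out as a small Python policy check. This is an added example, not code from this thread or from any tool the list discusses; the internal domain example.org, the trusted relay network 192.0.2.0/24 and the three sample messages are constructed placeholders, and a real deployment would take the client IP from the SMTP session (milter or policy daemon) rather than re-parsing Received headers.

```python
"""Policy check: an internal From address is only acceptable when the
message was handed to our MX by one of our own hosts.  Added example
with constructed data; not the thread's or any project's code."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed site policy (constructed placeholders): our own domain(s) and
# the networks our relays, webmail and MUAs connect from.
INTERNAL_DOMAINS = {"example.org"}
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                    ipaddress.ip_network("127.0.0.0/8")]

# Client address as the MX writes it into the Received header it adds,
# e.g. "from host (host [203.0.113.5])".
_RECEIVED_IP = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")


def client_ip(msg):
    """IP of the host that delivered the message to our MX.

    Only the topmost Received header was written by our own MX; every
    header below it came with the message and can be forged."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = _RECEIVED_IP.search(received[0])
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def is_trusted(ip):
    return ip is not None and any(ip in net for net in TRUSTED_NETWORKS)


def from_domain(msg):
    """Domain of the RFC 5322 From address (header sender, not envelope)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def check_message(raw, client_addr=None):
    """Return ("reject", reason) or ("accept", reason).

    client_addr: the SMTP client's IP if known from the session; when
    omitted it is recovered from the topmost Received header."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    if dom not in INTERNAL_DOMAINS:
        # Ordinary external mail (including generic phishing) is out of
        # scope for this rule; that is what the general blocklists cover.
        return ("accept", "From domain %r is not internal" % dom)
    ip = ipaddress.ip_address(client_addr) if client_addr else client_ip(msg)
    if is_trusted(ip):
        return ("accept", "internal From via trusted host %s" % ip)
    # Fails closed: an internal From with no usable client address is
    # treated like an external client.
    return ("reject", "internal From %s from external client %s" % (dom, ip))


# --- constructed sample messages (not real traffic) -------------------
SPOOFED_INTERNAL = """Received: from mail.attacker.invalid (unknown [203.0.113.5])
  by mx.example.org (Postfix) with ESMTP id 0001
  for <alice@example.org>; Sat, 01 Nov 2008 12:00:00 -0400
From: IT Helpdesk <helpdesk@example.org>
To: alice@example.org
Subject: Password verification required

Please reply with your password to keep your account active.
"""

LEGIT_INTERNAL = """Received: from webmail.example.org (webmail.example.org [192.0.2.10])
  by mx.example.org (Postfix) with ESMTP id 0002
  for <alice@example.org>; Sat, 01 Nov 2008 12:05:00 -0400
From: IT Helpdesk <helpdesk@example.org>
To: alice@example.org
Subject: Scheduled maintenance on Sunday

Mail will be unavailable from 02:00 to 03:00.
"""

EXTERNAL_OTHER = """Received: from smtp.bank.invalid (smtp.bank.invalid [198.51.100.7])
  by mx.example.org (Postfix) with ESMTP id 0003
  for <alice@example.org>; Sat, 01 Nov 2008 12:10:00 -0400
From: Bank <alerts@bank.invalid>
To: alice@example.org
Subject: Your statement is ready

Log in to view your statement.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed internal", SPOOFED_INTERNAL),
                      ("legit internal", LEGIT_INTERNAL),
                      ("external other", EXTERNAL_OTHER)):
        print("%-16s %s: %s" % (name, *check_message(raw)))
```

The rule deliberately does nothing for mail whose From address is not in one of the organisation's own domains; the targeted "send us your password" mail the original poster describes is the only thing it catches, and the generic bank-style phishing stays with the usual blocklists and content rules.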