Re: Phishing rules?
Karsten Bräckelmann <firstname.lastname@example.org> writes:
> On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:[color=green]
>> Joseph Brennan <email@example.com> writes:[/color]
>> > Do you mean attempts to get your users to send their passwords,
>> > or fake mail pretending to be from banks?[/color]
>> I mean attempts to get my users to send their passwords, are these not
>> called phishing?[/color]
> An important bit of information, missing from the OP. :) Targeted
> attacks at your users, so the general phishing BLs don't really apply.
> Anyway, can't you educate your users, that
> (a) Any administrative email will be sent from an official, well known,
> internal address? That means *not* an arbitrary address. Yes, sorry,
> the obvious...
> (b) They will *never* ever be asked for a password by mail. Period.
> Again, obvious...[/color]
We've been telling our users this for years, but there is always someone
who doesn't listen, or forgets, or something. I dont know. I find it
absolutely incredible that anyone would fall for any of these, yet I am
the one who has to clean up the mess :P
> Then block internal / administrative From addresses coming from any
> external SMTP.[/color]
Yeah, thats done, they dont get by faking our From, but the body is
constructed in a way to mislead and impersonate our "staff" or whatever,
usually by threatening people that their account will be closed, unless
> This is not a technical way to stopping these, but an educational
> approach to prevent the most dumb and gross social engineering. At least
> the second one actually should be well-known, and I've seen ISPs
> pointing it out frequently...[/color]
Thanks, but we've done all these, and continue to do them, they are
another plank in the various mechanisms that we must employ.