Re: trustedopinion.com
Eloise Carlton writes:

> Thank you for taking the time to report and share this information. We
> have initiated an investigative process on this report and during the
> investigative period we have downgraded the sender's accreditation
> level.

Thank you, Eloise. I greatly appreciate Habeas' responsiveness, and have new respect for the service.

Fletcher

webmail phishing?
Hi,

Before I try to roll my own, does anyone have a set of rules or a plugin designed to detect all these webmail account phishes? You know -- the kind that pretend to be a webmail administrator who informs the user his/her webmail account is being upgraded or has exceeded quota or whatever ... and that it is necessary for the user to send them a login/password pair for validation?

One commonly used indicator is username: password: and many variations of the same. They frequently use a Reply-To header with a From header of the local organization (university, in our case).

I would also be interested in a more general ruleset to identify other types of identity theft via personal data such as DOB, SSN, PIN, etc.

One would hope that users have seen so many of these by now that they would immediately detect them as fraudulent. But at a large university we have an ever-renewing crop of naive users.

Thanks,
Fletcher

regex anchor for start of line in body
I seem to be having a hard time writing rules which anchor a string to the start of the line in the body of a text message.

e.g., suppose I get a lot of phish which contain text (not html) like this:

    Username:..
    Password:..

I try what seemed intuitively easy:

    body __PHISH1 /^Password\b/i
    body __PHISH0 /^Username\b/i
    meta PHISH __PHISH1 && __PHISH0

But the rule does not hit unless I remove the '^' from the above regex.

What am I missing?

Thanks,
Fletcher
fletcher at cs.utexas.edu

how to count lines in the body
Hi,

Can someone suggest a rule (or rules) which will count the number of lines in the body of a mail message? Or alternatively, a rule which will tell me if a message contains less than N lines in its body?

Suppose, for example, I am looking to penalize messages which contain a specific URL and contain between 1 and 4 lines of text in the body. Is SA capable of doing such a thing?

Thanks,
Fletcher
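
As an added example (not part of the original posts, and not SpamAssassin rules), the Python code below checks the indicators raised in the three questions above: Username:/Password: prompts anchored to the start of a line, a Reply-To domain that differs from the From domain, and the number of non-empty body lines. The sample message, the example.edu/example.net domains, the function names and the 4-line threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread); domains are placeholders.
SAMPLE = """\
From: Webmail Administrator <helpdesk@example.edu>
Reply-To: upgrade-team@example.net
Subject: Your webmail account has exceeded quota

Dear user, reply with the details below to keep your account.
Username:..
Password:..
"""

# re.M makes ^ match at the start of every line of the body, which only
# works because the body is kept with its line breaks intact.
USER_RE = re.compile(r"^[ \t]*(?:username|user ?id|login)\b[ \t]*:", re.I | re.M)
PASS_RE = re.compile(r"^[ \t]*(?:password|passwd)\b[ \t]*:", re.I | re.M)


def domain(header_value):
    """Lower-cased domain of an address header, or '' if the header is absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def analyze(raw):
    """Extract the three indicators from a single-part text/plain message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: not multipart, not encoded
    reply_to, sender = domain(msg["Reply-To"]), domain(msg["From"])
    return {
        "body_lines": sum(1 for line in body.splitlines() if line.strip()),
        "user_prompt": bool(USER_RE.search(body)),
        "pass_prompt": bool(PASS_RE.search(body)),
        "reply_to_mismatch": bool(reply_to) and reply_to != sender,
    }


def is_suspect(raw, max_lines=4):
    """Both prompts at line start, plus a Reply-To mismatch or a very short body."""
    r = analyze(raw)
    asks_for_login = r["user_prompt"] and r["pass_prompt"]
    short_body = 1 <= r["body_lines"] <= max_lines
    return asks_for_login and (r["reply_to_mismatch"] or short_body)
```

A sentence that merely mentions "password:" in the middle of a line does not match, because both patterns require the keyword at the start of a line.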