Karsten Bräckelmann <[EMAIL PROTECTED]> writes:

> On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:
>> Joseph Brennan <[EMAIL PROTECTED]> writes:
>
>> > Do you mean attempts to get your users to send their passwords,
>> > or fake mail pretending to be from banks?
>>
>> I mean attempts to get my users to send their passwords, are these not
>> called phishing?
>
> An important bit of information, missing from the OP. :) Targeted
> attacks at your users, so the general phishing BLs don't really apply.
>
> Anyway, can't you educate your users, that
>
> (a) Any administrative email will be sent from an official, well known,
> internal address? That means *not* an arbitrary address. Yes, sorry,
> the obvious...
> (b) They will *never* ever be asked for a password by mail. Period.
> Again, obvious...
We've been telling our users this for years, but there is always someone
who doesn't listen, or forgets, or something. I don't know. I find it
absolutely incredible that anyone would fall for any of these, yet I am
the one who has to clean up the mess :P

> Then block internal / administrative From addresses coming from any
> external SMTP.

Yeah, that's done, they don't get by faking our From, but the body is
constructed in a way to mislead and impersonate our "staff" or whatever,
usually by threatening people that their account will be closed, unless
they reply.

> This is not a technical way of stopping these, but an educational
> approach to prevent the most dumb and gross social engineering. At least
> the second one actually should be well-known, and I've seen ISPs
> pointing it out frequently...

Thanks, but we've done all these, and continue to do them, they are
another plank in the various mechanisms that we must employ.

micah
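The two checks discussed in this exchange, as an added example that is not part of the thread and not any participant's own filter configuration: the "internal From: address arriving from an external SMTP relay" block that Karsten suggests and Micah already has in place, and a crude body heuristic for the lure Micah describes (account closure threats, requests to reply with a password), which is the part a From: check does not catch. The internal domain `example.org`, the trusted relay networks, the lure phrases, the function names and the three sample messages are all assumptions constructed for the example; the sample messages are fabricated and use documentation address ranges.

```python
"""Added example: spot mail that claims an internal sender but arrived from an
outside relay, and score the body for password-lure phrasing.
Site parameters and sample messages below are assumed/constructed."""
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumed site parameters (hypothetical; substitute your own).
INTERNAL_DOMAIN = "example.org"
TRUSTED_RELAYS = [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.0.2.0/24")]

# Assumed lure heuristics: the thread describes mails threatening account
# closure unless the user replies with a password. Tune for your own traffic.
LURE_PATTERNS = [
    re.compile(r"account\s+will\s+be\s+(closed|suspended|terminated)", re.I),
    re.compile(r"\b(reply|respond|send|confirm|verify)\b[^.]{0,80}\bpassword", re.I),
]

_BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ip(msg):
    """IP of the host that handed the mail to our MX, read from the topmost
    Received: header. That header was written by our own MX, so it is the
    only Received: line we can trust; everything below it is sender-supplied."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = _BRACKET_IP.search(received[0])
    return m.group(1) if m else None


def claims_internal_sender(msg):
    """True if the From: address is in our own domain."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() == INTERNAL_DOMAIN


def from_trusted_relay(msg):
    """True if the handing-off host is inside one of our relay networks.
    Unparseable or malformed addresses are treated as external (fail closed)."""
    ip = relay_ip(msg)
    if ip is None:
        return False
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_RELAYS)


def spoofed_internal_from(msg):
    """The check from the thread: internal From: but not from our own relay."""
    return claims_internal_sender(msg) and not from_trusted_relay(msg)


def body_lure_score(msg):
    """Number of lure patterns matched in the (single-part) body."""
    payload = msg.get_payload(decode=True) or b""
    text = payload.decode("utf-8", errors="replace")
    return sum(1 for p in LURE_PATTERNS if p.search(text))


def classify(raw):
    """Parse a raw RFC 822 message and return both signals."""
    msg = email.message_from_string(raw)
    return {
        "relay": relay_ip(msg),
        "spoofed_from": spoofed_internal_from(msg),
        "lure_score": body_lure_score(msg),
    }


# Constructed sample messages (not real mail). Continuation lines of the
# Received: header start with whitespace, as in a real folded header.
SPOOFED_MSG = """\
Received: from mail.attacker.example (mail.attacker.example [203.0.113.7])
    by mx.example.org (Postfix) with ESMTP id 4A1B2C3D
    for <alice@example.org>; Sat, 1 Nov 2008 12:00:00 -0400
From: IT Helpdesk <helpdesk@example.org>
To: alice@example.org
Subject: Urgent: account verification

Your account will be closed within 24 hours unless you reply with your
username and password.
"""

LEGIT_MSG = """\
Received: from wks-helpdesk.example.org (wks-helpdesk.example.org [10.4.7.21])
    by mx.example.org (Postfix) with ESMTP id 5E6F7A8B
    for <alice@example.org>; Sat, 1 Nov 2008 13:00:00 -0400
From: IT Helpdesk <helpdesk@example.org>
To: alice@example.org
Subject: Planned maintenance tonight

Mail will be unavailable from 22:00 to 23:00 while we patch the servers.
"""

# The case Micah describes: no From: spoofing, so the relay check passes,
# but the body impersonates staff and demands a password.
LURE_MSG = """\
Received: from freemail.example.net (freemail.example.net [198.51.100.9])
    by mx.example.org (Postfix) with ESMTP id 9C0D1E2F
    for <alice@example.org>; Sat, 1 Nov 2008 14:00:00 -0400
From: "Example.org Support Team" <support-team@freemail.example.net>
To: alice@example.org
Subject: Your account will be closed

Dear user, your mailbox has exceeded its quota. Your account will be
suspended unless you confirm your login and password by replying to this
message.
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MSG), ("legit", LEGIT_MSG), ("lure", LURE_MSG)):
        print(name, classify(raw))
```

Two caveats a practitioner would want: the relay check is only as good as `TRUSTED_RELAYS`, so any secondary MX, outbound smarthost or forwarding service that legitimately delivers internal mail to the primary MX must be listed or it will be blocked as spoofed; and the lure patterns are deliberately crude, so in practice they belong in a scoring system alongside other signals rather than as a hard reject.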