Karsten Bräckelmann <[EMAIL PROTECTED]> writes:

> On Sat, 2008-11-01 at 11:30 -0400, Micah Anderson wrote:
>> Joseph Brennan <[EMAIL PROTECTED]> writes:
>
>> > Do you mean attempts to get your users to send their passwords,
>> > or fake mail pretending to be from banks?
>> 
>> I mean attempts to get my users to send their passwords, are these not
>> called phishing?
>
> An important bit of information, missing from the OP. :)  Targeted
> attacks at your users, so the general phishing BLs don't really apply.
>
> Anyway, can't you educate your users, that
>
> (a) Any administrative email will be sent from an official, well known,
>     internal address? That means *not* an arbitrary address. Yes, sorry,
>     the obvious...
> (b) They will *never* ever be asked for a password by mail. Period.
>     Again, obvious...

We've been telling our users this for years, but there is always someone
who doesn't listen, or forgets, or something. I don't know. I find it
absolutely incredible that anyone would fall for any of these, yet I am
the one who has to clean up the mess :P

> Then block internal / administrative From addresses coming from any
> external SMTP.

Yeah, that's done, they don't get by faking our From, but the body is
constructed in a way to mislead and impersonate our "staff" or whatever,
usually by threatening people that their account will be closed, unless
they reply.

> This is not a technical way of stopping these, but an educational
> approach to prevent the most dumb and gross social engineering. At least
> the second one actually should be well-known, and I've seen ISPs
> pointing it out frequently...

Thanks, but we've done all these, and continue to do them; they are
another plank in the various mechanisms that we must employ.

micah
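The two mechanisms discussed in this exchange, refusing mail whose From claims an internal address when it actually arrived over an external SMTP connection, and flagging the "reply or your account will be closed" pitch in the body, as an added example that is not part of the original thread and not SpamAssassin's own code. The domain `example.edu`, the internal network `192.0.2.0/24`, the threat phrases and the three sample messages are all assumptions constructed for the example; real Received headers are messier than the IPv4-only regex used here.

```python
import email
import email.utils
import ipaddress
import re
from email import policy

# Assumptions, not taken from the thread: the site's own mail domain(s) and
# the networks from which genuine internal mail is injected (IPv4 only here).
INTERNAL_DOMAINS = {"example.edu"}
INTERNAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Phrases typical of the "reply or your account will be closed" pitch.
THREAT_PATTERNS = [
    r"account\s+will\s+be\s+(closed|suspended|deactivated)",
    r"(reply|respond)\s+with\s+your\s+(password|username|login)",
]
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse(raw):
    return email.message_from_string(raw, policy=policy.default)


def is_internal_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def from_domain(msg):
    """Lower-cased domain of the header From address ('' if unparseable)."""
    addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def origin_is_external(msg):
    """Walk Received headers newest-first (those added by our own MTAs come
    first) and stop at the first hop outside INTERNAL_NETWORKS. Headers below
    that hop were written by the remote side and may be forged, so they are
    never consulted."""
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_IP.search(str(hdr))
        if m and not is_internal_ip(m.group(1)):
            return True
    return False


def spoofed_internal_from(msg):
    """From claims one of our domains, yet the message entered from outside."""
    return from_domain(msg) in INTERNAL_DOMAINS and origin_is_external(msg)


def threat_hits(msg):
    """Number of THREAT_PATTERNS found in the text/plain body."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return sum(1 for p in THREAT_PATTERNS if re.search(p, text, re.I))


def classify(raw):
    msg = parse(raw)
    if spoofed_internal_from(msg):
        return "reject"       # forged internal sender: refuse at the MTA
    if from_domain(msg) not in INTERNAL_DOMAINS and threat_hits(msg) >= 2:
        return "quarantine"   # outsider using the password-by-reply pitch
    return "deliver"


# Constructed sample messages (not real traffic). In SPOOFED the second
# Received line is a forgery claiming an internal hop; it sits below the
# real external hop, so origin_is_external() never reaches it.
SPOOFED = """\
Received: from mail.example.net (unknown [203.0.113.5])
  by mx1.example.edu (Postfix) with ESMTP id 1234; Sat, 1 Nov 2008 11:30:00 -0400
Received: from helpdesk.example.edu ([192.0.2.20]) by mail.example.net; Sat, 1 Nov 2008 11:29:00 -0400
From: IT Helpdesk <helpdesk@example.edu>
Subject: Verify your account
Content-Type: text/plain; charset=us-ascii

Your account will be closed in 24 hours unless you reply with your password.
"""

LEGIT_INTERNAL = """\
Received: from hub.example.edu ([192.0.2.15])
  by mx1.example.edu (Postfix) with ESMTP id 5678; Sat, 1 Nov 2008 12:00:00 -0400
From: IT Helpdesk <helpdesk@example.edu>
Subject: Scheduled maintenance
Content-Type: text/plain; charset=us-ascii

Mail will be unavailable Saturday 02:00-04:00. No action is required.
"""

EXTERNAL_PHISH = """\
Received: from [198.51.100.7] by mx1.example.edu (Postfix) with ESMTP id 9abc; Sat, 1 Nov 2008 12:30:00 -0400
From: Account Services <support@example.org>
Subject: Urgent
Content-Type: text/plain; charset=us-ascii

Your account will be suspended unless you reply with your username and password.
"""

if __name__ == "__main__":
    samples = {"SPOOFED": SPOOFED, "LEGIT_INTERNAL": LEGIT_INTERNAL,
               "EXTERNAL_PHISH": EXTERNAL_PHISH}
    for name, raw in samples.items():
        print(name, "->", classify(raw))
```

The important caveat is in origin_is_external(): only the Received headers your own MTAs prepended are trustworthy, so the walk stops at the first hop outside your networks and ignores everything the remote side wrote below it. In production this check normally lives in the MTA's access rules or in SpamAssassin's trusted_networks / internal_networks configuration rather than in a standalone script; the body heuristic is deliberately a score contribution, not a hard reject, because "your account will be closed" also appears in legitimate dunning and expiry notices.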
