----------------------------------------
> Subject: Re: SA and Spear Phishing
> From: guent...@rudersport.de
> To: users@spamassassin.apache.org
> Date: Sat, 19 Mar 2011 06:02:31 +0100
> [....]
> As I mentioned earlier, spear phishing (which are highly targeted) will
> not have a hard time evading any filter. General phishing would be a
> quite lower hanging fruit, and much easier to get caught.
>
IMO spear phish varies depending on how targeted they are:
1- there are ones that are slightly generic to a company, e.g. phishers get a
list of emails from their portal along with the rules, and then start sending
emails according to that little info (which can still be very effective
though). emails like "hey foo, I'm your colleague bar, wanna check this link?"
(the link contains malware)
2- more specific ones, with more details, such as a phisher knowing specific
information on activities the victim is running (e.g. sales operation, detailed
info about a latest conversation with his boss, and expected list of follow
ups).
2- is very hard to solve, even when humans are trained.. we can safely exclude
them and wait 100,000s of years until humans evolve, and let's hope that the
evolved humans don't have the Ph-gene also evolving with them.
point 1- is what humans can solve partially, based on some dummy/fake
spear-looking phish crafted by a human for sake of evaluating the result.
either way, none are evaluated to see their realistic effect on real spear. but
at least 1- is evaluated on fake spear-looking mails crafted by some evaluators
willing to write papers (better than nothing)
a funny case is, when a spear type -1 turns into a type -2, similar to this
case: http://www.schneier.com/blog/archives/2010/05/cory_doctorow_g.html
basically: Cory Doctorow got phished only because he received that phish during
a specific moment (formatting his iPhone).