RE: Incident Handling for phishing attempts
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Wed, 10 Oct 2007 10:19:47 +1000
Does your course of action depend on what kind of legal action etc that you
may wish to take in the future? Image the drive that you had the phishing
emails on? Something like that, along forensic lines. Keep copies of logs
that might be pertinent?
Was it a very specific phish? I.e., targeting someone or some entity in your
organization? Try and work out how they got that info too, from an opsec
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of sfmailsbm () gmail com
Sent: Friday, October 05, 2007 2:55 PM
To: security-basics () securityfocus com
Subject: Incident Handling for phishing attempts
Just wanted to get a few suggestions on how we might handle a phishing
Some actions I think about:
(a) Identify website, and contact owner/isp to take actions
(b) Determine source of mail, and try to identify sender/report to domain
Any other "technical" actions that can be taken?
What about legal actions?
Many many thanks