Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: Phishing
From: Mathew Want <imortl1 () gmail com>
Date: Fri, 12 Apr 2013 16:49:03 +1000

Last time they sent out a warning email here along the lines of:

<warning_email>
We never ask for your username and password. If you get an email that looks
like:

"There is an issue with your account. Please reply with your username and
password and we will rectify it"

You should never reply to these messages with your details/
</warning_email>

50 people replied with their usernames and passwords. As much as user
education should be the answer, you cant put brains in pumpkins and you can
patch stoopid.

*sigh*. Looks like the only real answer is to have your systems set up in
such a way that when there is a compromise from this type of thing, they
cant do any damage or it is at least restricted. This is starting to sound
like a song we have sung before.....

Have a pleasant weekend all!

M@
-- 
"Some things are eternal by nature,
others by consequence"

On 11 April 2013 19:38, Paul D. Robertson <paul () compuwar net> wrote:

I've had friends tell me that they've never failed using fake LinkedIn
accounts when performing pen tests- I'm not sure how valuable training is,
but I'm reasonably confident it and Facebook are the top two common vectors.

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

On Apr 10, 2013, at 18:56, Dotzero <dotzero () gmail com> wrote:

Training is useful as long as it is appropriate training that the
enduser can reasonably implement.

As far as blocking Facebook/LinkedIn, I don't believe it is a
particularly useful approach. I prefer to educate endusers on ways to
mitigate risks.

An example of this is to never click on purported LinkedIn emails.
Delete them and log into the site to check the message. Another
example is to never accept an invitation to link from someone you
don't know unless someone you know vouches for them. Taking these
sorts of steps significantly reduces potential risks.

I do recommend applying SPF/DKIM/DMARC validation to inbound mail
streams. ISPs and mailbox providers such as Gmail, Yahoo! and AOL are
ahead of enterprises in doing this. Inbound email authentication
validation adds a layer of protection to protect your users and
organization. If you have a brand/domain at risk it is useful to
implement on the sending side to help protect your customers, partners
and vendors.

Reporting malicious URLs and redirectors that arrive in your inbox(s)
or traps to APWG is useful as is reporting them to the abuse contact
in whois or to the upstream provider.

A good practice is to also implement BCP38 outbound filtering. It
protects your reputation and ultimately helps everyone else from abuse
eminating from your network.

Just a few thoughts,

Mike

On Wed, Apr 10, 2013 at 5:52 PM, Paul D. Robertson <paul () compuwar net>
wrote:
Outside of constant training and blocking Facebook/LinkedIn does anyone
have any good pointers or tools for phishing/spear phishing threats?

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

  By Date           By Thread  

Current thread:
  • Re: Phishing Mathew Want (Apr 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault