Security Basics mailing list archives
RE: Incident Handling for phishing attemts
From: "Murda Mcloud" <murdamcloud () bigpond com>
Date: Wed, 10 Oct 2007 10:19:47 +1000
Does your course of action depend on what kind of legal action etc. that you may wish to take in the future? Image the drive that you had the phishing emails on? Something like that, along forensic lines. Keep copies of logs that might be pertinent?

Was it a very specific phish? I.e. targeting someone or some entity in your organization? Try and work out how they got that info too, from an opsec POV.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sfmailsbm () gmail com
Sent: Friday, October 05, 2007 2:55 PM
To: security-basics () securityfocus com
Subject: Incident Handling for phishing attemts

Hi List,

Just wanted to get a few suggestions on how we might handle a phishing attempt?

Some actions I think about:
(a) Identify website, and contact owner/isp to take actions
(b) Determine source of mail, and try to identify sender / report to domain owner/isp

Any other "technical" actions that can be taken? What about legal actions?

Many many thanks
Ron
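One way to carry out the "determine source of mail" and "identify website" steps on a saved copy of the message, while recording a hash for the forensic copy the reply suggests keeping. This is an added example, not part of either post; the `triage` function and the sample message are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse

# Constructed sample (documentation IP ranges, .example domains), not a real phish.
SAMPLE = (
    b"Received: from mx.corp.example (mx.corp.example [192.0.2.10])\r\n"
    b"\tby mail.corp.example; Fri, 5 Oct 2007 14:50:02 +1000\r\n"
    b"Received: from unknown (HELO bank.example) ([203.0.113.45])\r\n"
    b"\tby mx.corp.example; Fri, 5 Oct 2007 14:50:01 +1000\r\n"
    b"From: \"Bank Support\" <support@bank.example>\r\n"
    b"To: user@corp.example\r\n"
    b"Subject: Verify your account\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n"
    b"\r\n"
    b"Please confirm your details at http://login.bank-verify.example/confirm?id=1\r\n"
)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def triage(raw: bytes) -> dict:
    """Summarise a saved phishing message without modifying it."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Each relay prepends its Received header, so reverse for earliest-first.
    # Hops older than your own first trusted relay are sender-controlled.
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        hops.extend(IP_RE.findall(str(header)))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    hosts = sorted({urlparse(u).hostname for u in URL_RE.findall(text)} - {None})
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # integrity of the evidence copy
        "relay_ips": hops,      # candidates for the abuse report to the sending ISP
        "link_hosts": hosts,    # sites to report to the hosting owner/ISP
        "from": str(msg.get("From", "")),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against the raw message as exported with full headers, since a forwarded copy loses the original Received chain.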
Current thread:
- Incident Handling for phishing attemts sfmailsbm (Oct 05)
- Re: Incident Handling for phishing attemts Eric Marden (Oct 09)
- RE: Incident Handling for phishing attemts Murda Mcloud (Oct 09)
- <Possible follow-ups>
- Re: Incident Handling for phishing attemts anon (Oct 10)