Security Basics mailing list archives
Re: Anti-Phishing Strategies
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Fri, 11 Apr 2008 15:04:23 -0700
Depends on your infrastructure.

Most phishing attacks come through email, so I'd crank up the security of your email - in particular, I'd do all I could to enforce that you validate senders (so that mail with spoofed senders gets rejected) and quarantine email with the most dangerous attachments (all Microsoft-style documents such as .xls, .doc, .ppt etc., and probably PDFs and zip files as well) so that they must be deliberately rescued by the recipient.

User education is wasted if it's only of the kind that says to users "don't open attachments from people you don't know", etc. Much better (if your org or user base can tolerate it) might be to send email that actually tempts users to do silly things, and then chides them for it.

There's no lesson quite like having the firecracker go off in your hand, and if you give them one that makes a loud noise without actually blowing off their fingers, they'll be careful when they handle the really dangerous stuff.

Kurt

On Wed, Apr 9, 2008 at 10:11 AM, Al Cooper <cooper () hmcnetworks com> wrote:
One of my customers has recently been a target of a targeted and somewhat successful phishing attack. I am looking at strategies to counteract this and future attacks.

We are doing all the normal education stuff, but the customer base is large. I am looking at companies like MarkMonitor & Cyveillance. Does anyone have any experience with these types of companies?

Any other strategies that I should consider?

Thanks for your help,

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
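The attachment quarantine policy described in the reply above, as an added example that is not part of the original thread or any poster's code. The extension set follows the file types named in the post; the MIME-type set, the function names and the sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post: Office documents, PDF, zip.
RISKY_EXT = {".xls", ".doc", ".ppt", ".pdf", ".zip"}
# Assumed declared types for the same families, so an attachment with a
# missing or renamed filename is still held.
RISKY_TYPES = {
    "application/msword", "application/vnd.ms-excel",
    "application/vnd.ms-powerpoint", "application/pdf", "application/zip",
}

def risky_attachments(raw: bytes) -> list[str]:
    """Return one reason string per MIME part that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no payload of their own
        # get_filename() decodes RFC 2231/2047 encoded names; trailing dots
        # and spaces are stripped because Windows ignores them on open.
        name = (part.get_filename() or "").lower().rstrip(". ")
        ext = os.path.splitext(name)[1]
        ctype = part.get_content_type()
        if ext in RISKY_EXT:
            reasons.append(f"{name}: extension {ext}")
        elif ctype in RISKY_TYPES:
            reasons.append(f"{name or '<unnamed>'}: type {ctype}")
    return reasons

def verdict(raw: bytes) -> str:
    """'quarantine' means held until the recipient deliberately rescues it."""
    return "quarantine" if risky_attachments(raw) else "deliver"

def sample(filename, maintype, subtype) -> bytes:
    """Constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    m.add_attachment(b"dummy", maintype=maintype, subtype=subtype,
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("Invoice.DOC", "application", "octet-stream"),
                 (None, "application", "pdf"), ("logo.png", "image", "png")]:
        print(args[0], "->", verdict(sample(*args)))
```

Extension and declared-type checks are both sender-controlled, so a production filter would also inspect file content; this only shows the hold-by-type decision.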