PaulDotCom mailing list archives

How to Proactively protect against Phishing attacks?


From: infolookup at gmail.com (infolookup at gmail.com)
Date: Thu, 18 Dec 2008 18:28:47 +0000

Thanks for all the responses that I have gotten so far. The steps that we have taken are:

1. Contact our gateway vendor for new ways of blocking spammers.

2. Sent out emails to our community informing them to never send their personal information and to forward us any suspect emails.

3. Also try to remove the emails before our users get to them when possible.


I am mostly concerned as to what other methods everyone else is using. Also, if anyone has Astaro, how are you using it?

Has anyone tried tracking down spammers or a botnet before in the hopes of monitoring what they are up to?
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "Jim Halfpenny" <jim.halfpenny at gmail.com>

Date: Thu, 18 Dec 2008 14:11:05 
To: <infolookup at gmail.com>; PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] How to Proactively protect against Phishing attacks?


You can check out the headers of the email address. They could indicate
where the emails originated from which may or may not be helpful. Check your
mail relay to ensure that it's secure and does not accept mail originating
from your domain from the internet. If you need to accept mail from your
users from outside your network consider using SSL and authentication.

You should give some consideration to the motive of these attacks. Are the
passwords useful for anything else other than email? Are the same passwords
used for desktop logins, VPN, web applications etc.?

Regards,
Jim

2008/12/18 <infolookup at gmail.com>

Hello All:

We have been targeted a lot recently by what seem to be the same group of
spammers trying to get email credentials from our users.

Each time they try to change the email format so it looks more like a
legitimate email from our IT department. Not to mention sending from
different email accounts each time.

Any idea how we can go about trying to track down the origin of these
emails (mail server or actual host sending the emails), and notify the ISP
or someone?

Or even proactively block these phishing attacks. How do others deal with
this type of behavior?

Our setup -- Astaro Email Gateway, and Exchange 2003.

All ideas are welcomed.
Sent from my Verizon Wireless BlackBerry
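
The header check and the relay rule suggested in Jim's reply, as an added example that is not part of the original thread: it walks the `Received` chain from the newest hop down, stops at the first hop where one of your own servers accepted mail from an outside IP (the address to report to the ISP), and flags mail that claims a sender in your own domain but arrived from the internet. The domain, internal range, regex and sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message (not from the thread); IPs are documentation ranges.
RAW = """\
Received: from gateway.example.edu (10.0.0.5) by exchange.example.edu (10.0.0.10); Thu, 18 Dec 2008 09:00:03 -0500
Received: from mail.sender.example (unknown [203.0.113.45]) by gateway.example.edu (10.0.0.5); Thu, 18 Dec 2008 09:00:01 -0500
Received: from pc (unknown [192.0.2.77]) by mail.sender.example; Thu, 18 Dec 2008 08:59:58 -0500
From: "IT Helpdesk" <helpdesk@example.edu>
To: user@example.edu
Subject: Mailbox quota - confirm your password

Reply with your username and password.
"""

OUR_DOMAIN = "example.edu"                            # assumption: protected domain
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal range
# Simplified pattern: sending host, first literal IPv4 address, receiving host.
HOP = re.compile(
    r"from\s+([\w.-]+).*?[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])].*?\bby\s+([\w.-]+)", re.S)

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)

def is_ours(host):
    return host == OUR_DOMAIN or host.endswith("." + OUR_DOMAIN)

def analyse(raw):
    msg = email.message_from_string(raw)
    handoff = None
    # Each relay prepends its Received header, so index 0 is the newest hop.
    for hdr in msg.get_all("Received", []):
        m = HOP.search(hdr)
        if not m:
            continue
        from_host, from_ip, by_host = m.groups()
        # First hop where one of our servers took the message from outside.
        if is_ours(by_host) and not is_internal(from_ip):
            handoff = {"ip": from_ip, "claimed_host": from_host, "accepted_by": by_host}
            break  # headers below this were supplied by the sender and may be forged
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    spoofed = handoff is not None and from_domain == OUR_DOMAIN
    return {"handoff": handoff, "spoofed_internal_sender": spoofed}

if __name__ == "__main__":
    print(analyse(RAW))
```

Only the headers written by your own gateway and mail server are trustworthy, which is why the walk stops at the handoff hop instead of reading down to the bottom of the chain.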

