Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Anti-Phishing Strategies

From: "Timmothy Lester" <Timmothy.Lester () primeadvisors com>
Date: Wed, 9 Apr 2008 12:50:04 -0700
We are doing all the "normal education stuff"

It is my personal opinion that NORMAL education is not enough..  Most of
the time this is just information that goes in one ear and out the
other.  Since it's a "customer" you are dealing with, I don't know how
you should be responsible, but in any case you need to TRAIN people
rather than educate them.  You almost have to scare people, by holding
them responsible for their ignorant actions.

A little off subject  -- I think that everyone that owns a piece of
equipment should be responsible for it and have the correct knowledge to
maintain and use it.  There is a healthy swarm of botnets and drones
scouring the net because people don't take simple precautions, and
people don't care enough to learn.

Lame analogy -- If you own a car, you should know when the breaks are
going bad and change them before you crash and hurt someone.   It's your
responsibility to make sure you are able to stop your vehicle.  Whether
or not you ask your husband or mechanic to check them (that's your
choice).  If you own/use a computer, you have two choices.  Have someone
who knows how to use the machine maintain your security updates, check
mail before you get it, and check every webpage before you visit it, OR
LEARN and ask if your unsure.

* I'd be interested to see what the "targeted and somewhat successful
phishing attack" was.  If a company is "targeted", there is no software
solution that can filter out every phishing "attack".
 
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Al Cooper
Sent: Wednesday, April 09, 2008 1:11 PM
To: security-basics () securityfocus com
Subject: Anti-Phishing Strategies

One of my customers has recently been a target of a targeted and
somewhat
successful phishing attack.  I am looking at strategies to counteract
this
and future attacks.  We are doing all the normal education stuff, but
the
customer base is large.

I am looking at companies like MarkMonitor & Cyveillance.  Does anyone
have
any experience with these type of companies?  

Any other strategies that I should consider?

Thanks for your help,





-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Previous By Date Next
Previous By Thread Next

Current thread: