Re: Anti-Phishing Strategies

[Pedro Fortuny Ayuso <info () pfortuny net>]

El 09/04/2008, a las 21:50, Timmothy Lester escribió:
> > We are doing all the "normal education stuff"
>
>
> It is my personal opinion that NORMAL education is not enough..   
> Most of
> the time this is just information that goes in one ear and out the
> other.  Since it's a "customer" you are dealing with, I don't know how
> you should be responsible, but in any case you need to TRAIN people
> rather than educate them.  You almost have to scare people, by holding
> them responsible for their ignorant actions.

I tend to agree. I guess (apart from restrictive filtering, only  
allowing
outbound access to certain web pages) the only way to prevent being
cheated is either by experience or by over-reaching security.

Is web **browsing** **really** necessary? Can your company live with  
just
accessing some banks and a couple of other well-known sites?

Pedro.


> -----Original Message-----
> From: listbounce () securityfocus com  
> [mailto:listbounce () securityfocus com]
> On Behalf Of Al Cooper
> Sent: Wednesday, April 09, 2008 1:11 PM
> To: security-basics () securityfocus com
> Subject: Anti-Phishing Strategies
>
> One of my customers has recently been a target of a targeted and
> somewhat
> successful phishing attack.  I am looking at strategies to counteract
> this
> and future attacks.  We are doing all the normal education stuff, but
> the
> customer base is large.
>
> I am looking at companies like MarkMonitor & Cyveillance.  Does anyone
> have
> any experience with these type of companies?
>
> Any other strategies that I should consider?
>
> Thanks for your help,
>
>
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.



--
Pedro Fortuny Ayuso.
Desarrollo y mantenimiento de Redes. Seguridad.
Analisis de Datos.
www.pfortuny.net
C/Capuchinos 14, 1-s. 47006 Valladolid, SPAIN