Educause Security Discussion mailing list archives

Re: phishing irony


From: Jesse Thompson <jesse.thompson () DOIT WISC EDU>
Date: Wed, 11 Feb 2009 08:14:41 -0600

Ah, good call.  The message went through another EDU mail server first,
which appears to have added the warning.

It fooled me :-)  I thought it was an attempt by the phisher to diffuse
the users' perception of risk.

Adding the warning might not be a bad idea, but I think that it should
state that the warning was added to the message after it was sent.

=======================================================================
 Warning: the content of this message indicates that it might be
 an attempt to steal your private information.

 PHISHING: Legitimate organizations NEVER ask for your SSN, password,
 account number, or other personal data.  Do NOT ever provide such
 information to anyone via email.
=======================================================================

Jesse

Dan Oachs wrote:
Is there any chance that someone's outbound mailserver added that to the
top of the message as a warning?  Would be an interesting idea but
probably would not stop many users from responding with their password
anyway :)

--Dan


Jesse Thompson wrote:
I found a phish message today with the following at the top of the
message:

========================================================================
PHISHING: Legitimate organizations NEVER ask for your SSN, password,
account number, or other personal data.  Do NOT ever provide such
information to anyone via email.
========================================================================

It was then followed by the usual request to reply to the @live.com
address with account credentials.

I can't figure out if the phishers are being stupid or genius.

Jesse


--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM: jesse.thompson () doit wisc edu

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
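
Added example, not part of the thread: one way a receiving gateway could do what the first message suggests, prepending the warning together with a line stating that it was added after the message was sent. The header name, the gateway host name and the sample message are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email import message_from_string, policy
from email.utils import format_datetime

RULE = "=" * 71
WARNING = ("Warning: the content of this message indicates that it might be\n"
           "an attempt to steal your private information.")
HEADER = "X-Gateway-Phish-Warning"  # hypothetical header name

def add_banner(raw, gateway, when):
    """Return (message_text, body_modified) for one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    stamp = format_datetime(when)
    # Drop any copy of the header supplied by the sender, then record the
    # provenance in a header that this gateway controls.
    del msg[HEADER]
    msg[HEADER] = f"added-by={gateway}; date={stamp}"
    # Editing a signed body would invalidate the signature (S/MIME, PGP),
    # so signed mail gets the header only. Only the top level is checked.
    if msg.get_content_type() == "multipart/signed":
        return msg.as_string(), False
    part = msg.get_body(preferencelist=("plain",))
    if part is None:  # no text/plain part (e.g. HTML only): header only
        return msg.as_string(), False
    note = (f"Added by {gateway} on {stamp},\n"
            "after the message was sent. It was not written by the sender.")
    banner = "\n".join([RULE, note, WARNING, RULE, "", ""])
    part.set_content(banner + part.get_content())
    return msg.as_string(), True

if __name__ == "__main__":
    # Constructed sample message, not taken from the thread.
    sample = ("From: helpdesk@example.test\nTo: user@example.edu\n"
              "Subject: Verify your account\n\n"
              "Reply with your username and password.\n")
    when = datetime(2009, 2, 11, 8, 14, 41, tzinfo=timezone.utc)
    print(add_banner(sample, "mx.example.edu", when)[0])
```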

