Firewall Wizards mailing list archives
Re: Phishing
From: Mathew Want <imortl1 () gmail com>
Date: Fri, 12 Apr 2013 16:49:03 +1000
Last time they sent out a warning email here along the lines of:

<warning_email>
We never ask for your username and password. If you get an email that looks like: "There is an issue with your account. Please reply with your username and password and we will rectify it", you should never reply to these messages with your details.
</warning_email>

50 people replied with their usernames and passwords.

As much as user education should be the answer, you can't put brains in pumpkins and you can't patch stoopid. *sigh*. Looks like the only real answer is to have your systems set up in such a way that when there is a compromise from this type of thing, they can't do any damage or it is at least restricted. This is starting to sound like a song we have sung before.....

Have a pleasant weekend all!

M@

--
"Some things are eternal by nature, others by consequence"

On 11 April 2013 19:38, Paul D. Robertson <paul () compuwar net> wrote:
> I've had friends tell me that they've never failed using fake LinkedIn accounts when performing pen tests. I'm not sure how valuable training is, but I'm reasonably confident it and Facebook are the top two common vectors.
>
> Paul
>
> --
> President and Chairman, FluidIT Group
> Moderator, Firewall-Wizards
> http://pauldrobertson.net
> http://pauldrobertson.com
> @compuwar
>
> On Apr 10, 2013, at 18:56, Dotzero <dotzero () gmail com> wrote:
>
>> Training is useful as long as it is appropriate training that the end user can reasonably implement. As far as blocking Facebook/LinkedIn, I don't believe it is a particularly useful approach. I prefer to educate end users on ways to mitigate risks. An example of this is to never click on purported LinkedIn emails. Delete them and log into the site to check the message. Another example is to never accept an invitation to link from someone you don't know unless someone you know vouches for them. Taking these sorts of steps significantly reduces potential risks.
>>
>> I do recommend applying SPF/DKIM/DMARC validation to inbound mail streams. ISPs and mailbox providers such as Gmail, Yahoo! and AOL are ahead of enterprises in doing this. Inbound email authentication validation adds a layer of protection to protect your users and organization. If you have a brand/domain at risk it is useful to implement on the sending side to help protect your customers, partners and vendors.
>>
>> Reporting malicious URLs and redirectors that arrive in your inbox(es) or traps to APWG is useful, as is reporting them to the abuse contact in whois or to the upstream provider.
>>
>> A good practice is to also implement BCP38 outbound filtering. It protects your reputation and ultimately helps everyone else from abuse emanating from your network.
>>
>> Just a few thoughts,
>>
>> Mike
>>
>> On Wed, Apr 10, 2013 at 5:52 PM, Paul D. Robertson <paul () compuwar net> wrote:
>>
>>> Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
>>>
>>> Paul
>>>
>>> --
>>> President and Chairman, FluidIT Group
>>> Moderator, Firewall-Wizards
>>> http://pauldrobertson.net
>>> http://pauldrobertson.com
>>> @compuwar
>>>
>>> _______________________________________________
>>> firewall-wizards mailing list
>>> firewall-wizards () listserv icsalabs com
>>> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
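The inbound SPF/DKIM/DMARC validation Mike recommends in the thread, as an added example that is not code from the thread or from any list member: it reads the SPF and DKIM verdicts out of an Authentication-Results header, applies DMARC identifier alignment against the RFC5322.From domain, and returns the domain owner's published policy action when the message fails. The header values, domain names and DMARC records are constructed, and the organizational-domain rule is simplified to the last two labels (a real validator uses the Public Suffix List).

```python
import re

# Constructed Authentication-Results values (hypothetical domains, not from the thread).
LEGIT = ("mx.example.org; spf=pass smtp.mailfrom=bounce@mail.bank.example; "
         "dkim=fail header.d=bank.example")
SPOOF = ("mx.example.org; spf=pass smtp.mailfrom=phisher.example; "
         "dkim=none")

def parse_dmarc_record(txt):
    """Parse a DMARC TXT record ('v=DMARC1; p=reject; adkim=s') into a tag dict."""
    tags = dict(kv.strip().split("=", 1) for kv in txt.split(";") if "=" in kv)
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record: %r" % txt)
    tags.setdefault("adkim", "r")   # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags

def org_domain(domain):
    # Simplification: treat the last two labels as the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def parse_auth_results(header):
    """Pull the SPF and DKIM verdicts and their authenticated domains out of the header."""
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", header)
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([\w.-]+)", header)
    return {"spf": spf.groups() if spf else (None, None),
            "dkim": dkim.groups() if dkim else (None, None)}

def dmarc_disposition(auth, from_domain, record):
    """Return 'pass', or the record's policy action for a message that fails DMARC."""
    tags = parse_dmarc_record(record)
    spf_res, spf_dom = auth["spf"]
    dkim_res, dkim_dom = auth["dkim"]
    # DMARC passes if at least one authenticated identifier passes AND aligns with From.
    spf_ok = spf_res == "pass" and bool(spf_dom) and aligned(spf_dom, from_domain, tags["aspf"])
    dkim_ok = dkim_res == "pass" and bool(dkim_dom) and aligned(dkim_dom, from_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; aspf=r"
    for label, hdr in (("legit", LEGIT), ("spoof", SPOOF)):
        print(label, dmarc_disposition(parse_auth_results(hdr), "bank.example", record))
```

The spoofed message passes SPF for the phisher's own bounce domain, which is exactly why DMARC alignment, not a bare SPF pass, is what separates it from the legitimate one.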
Current thread:
- Re: Phishing Mathew Want (Apr 12)