QUOTE
Only you can prevent phishing attacks
by Dennis O'Reilly | October 10, 2011 9:40 AM PDT
As I sorted through several dozen newly arrived e-mails this morning I noticed one from "Provider Inc." with "Order Sales Order" in the subject line. "da** phishers," I thought as I prepared to send the message to the digital Dumpster.
On second thought, I wondered what would make someone fall for a message that appeared to me like an obvious phishing attempt. Well, people respond to sales receipts even if they haven't bought anything online recently--nobody wants to be charged for something they didn't buy.
So "Sales Order" was the first hook. After opening the message--carefully--the clues to its bogus nature were everywhere. "North Luigi, AZ"? Are you kidding me? A fax number with a prefix of "006"? C'mon. The sad fact is, some of the poor souls the phisher targets with this e-mail will take the bait.
...
As phishing attempts go, this one was fairly well crafted. First, it managed to get through Gmail's built-in phishing filters. Second, it resembles a real invoice. You have to look closely to find the grammar errors and other mistakes that confirm a fake: "till" instead of "until," double "at," duplicate street addresses, and mismatched ZIP codes.
User education is the key to phishing prevention
Phishers are the scum of the earth. According to CommTouch's October 2011 State of Hacked Accounts report (pdf), phishing e-mails are being sent increasingly from compromised accounts rather than from "zombie" addresses. This makes it more difficult for your e-mail provider to block the messages because they appear to originate from trusted domains.
More about that advise at:
http://howto.cnet.co...ishing-attacks/
by Dennis O'Reilly | October 10, 2011 9:40 AM PDT
As I sorted through several dozen newly arrived e-mails this morning I noticed one from "Provider Inc." with "Order Sales Order" in the subject line. "da** phishers," I thought as I prepared to send the message to the digital Dumpster.
On second thought, I wondered what would make someone fall for a message that appeared to me like an obvious phishing attempt. Well, people respond to sales receipts even if they haven't bought anything online recently--nobody wants to be charged for something they didn't buy.
So "Sales Order" was the first hook. After opening the message--carefully--the clues to its bogus nature were everywhere. "North Luigi, AZ"? Are you kidding me? A fax number with a prefix of "006"? C'mon. The sad fact is, some of the poor souls the phisher targets with this e-mail will take the bait.
...
As phishing attempts go, this one was fairly well crafted. First, it managed to get through Gmail's built-in phishing filters. Second, it resembles a real invoice. You have to look closely to find the grammar errors and other mistakes that confirm a fake: "till" instead of "until," double "at," duplicate street addresses, and mismatched ZIP codes.
User education is the key to phishing prevention
Phishers are the scum of the earth. According to CommTouch's October 2011 State of Hacked Accounts report (pdf), phishing e-mails are being sent increasingly from compromised accounts rather than from "zombie" addresses. This makes it more difficult for your e-mail provider to block the messages because they appear to originate from trusted domains.
More about that advise at:
http://howto.cnet.co...ishing-attacks/
