Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Stephen Toulouse - How do we protect against phishing attacks?

Download

Right click “Save as…”

Phishing attacks are becoming more frequent. What's a phish attack? When a criminal makes an email that looks like it came from a company like eBay. Tricks the user into entering passwords or credit card numbers. Here's some things to do to protect yourself.

Tag:

Follow the Discussion

  • Nobody gets tricked by these things, that is why I am happy to download SP2 via the link in that e-mail Microsoft sent me.. For SP2 $20 is a bargain in my book. I am definitely going to buy SP3. Smiley

    • In PHISHING, I'ts tough to distinguish between the REAL and SURREAL because so many Offers are like The Bogus; FREE ! ! !
    • Costly FREE ! ! ! Offers abound . . .
    • 1025 FREE ! ! ! Hours of Internet Service require a Credit Card or a Fort Knox Type or equivalent Checking Account . . . Anyway, I grow weary of this nonsense, and set my Filters Accordingly . . . Thanx, Wink
  • mikxmikx mikx
    Often real world examples are taken to explain how computer problems are working. While this is sometimes a good approach, when speaking about emails and phishing "physical mail rules" just don't apply:

    1. Physical mass mail requires money
    Using physical mail both delivery and the medium (paper) cost an amount money. Emails (especially if send from hijacked mail servers) costs virtually nothing at all. You can reach millions of readers for a few hundred dollars.

    2. Physical mass mail requires b2b contacts
    Even if you are willing to invest in physical mail - you can't put 100.000 letters into the next postbox. You need to set up some kind of business contact with the delivery company to get the job done. They know who you are, they know at least your bank account. Emails can be send more or less anonymously.

    3. Physical mass mail is dumm
    A physical mail is the way it is. It's a piece of printed paper and it doesn't react on the reader. An email can be scripted, it can look up the system language and display text accordingly for example. It can fake it's origin way better than just writing "From: Your mom" on a brown piece of paper.

    4. Physical repsonse costs money and time
    Even if you get a "send back for free" return letter. Someone is going to pay for it (the "phisher") and you need to bring it to a postbox. Filling out a form on a website is fast and free.

    5. Physical mail cant't install malware
    For sure, you can add a cd to the physical mail - but there are the costs again. An email can just take over my entire pc, send mails to all of my friends and so on... A physical mail can contain a bomb - but please don't tell me you believe in "orange alerts" Wink

    6. Physical mail is inspected in more detail
    Since emails don't cost money, you get hundreds of them each and every day. You just investigate physical mail closer because you only get a few each day. When browsing through hundreds of traps the chance is high, you accidently get into one - no matter how good you are educated. To err is human.

    just my 2 cents
    mikx

  • Nice... Was Stephen Toulouse sitting facing a cafeteria? I saw atleast two people walk by carrying coffee && 4 trash bins. Musing on inferred information leaks....
  • scobleizerscobleizer I'm the video guy
    Yup, we were sitting next to the cafeteria in building 35, if I remember right.
  • Microsoft and other browser/email client product developers may be able do something very simple to minimize the phishing attacks.

    Most phishing attacks use IP address to direct users to sites that phish for information. These applications (explorer/email clients) can sense this and display a warning message to the user (or use an approach similar to pop-up blocking to completely disable the hyperlink).

    Am i missing something?

    regards

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.