Stephen Toulouse - How do we protect against phishing attacks?


The Discussion

  • Nobody gets tricked by these things, that is why I am happy to download SP2 via the link in that e-mail Microsoft sent me. For SP2 $20 is a bargain in my book. I am definitely going to buy SP3. Smiley

  • In PHISHING, it's tough to distinguish between the REAL and SURREAL because so many Offers are like The Bogus; FREE ! ! !
    • Costly FREE ! ! ! Offers abound . . .
    • 1025 FREE ! ! ! Hours of Internet Service require a Credit Card or a Fort Knox Type or equivalent Checking Account . . . Anyway, I grow weary of this nonsense, and set my Filters Accordingly . . . Thanx, Wink
  • Often real world examples are taken to explain how computer problems work. While this is sometimes a good approach, when speaking about emails and phishing "physical mail rules" just don't apply:

    1. Physical mass mail requires money
    Using physical mail, both delivery and the medium (paper) cost an amount of money. Emails (especially if sent from hijacked mail servers) cost virtually nothing at all. You can reach millions of readers for a few hundred dollars.

    2. Physical mass mail requires b2b contacts
    Even if you are willing to invest in physical mail - you can't put 100.000 letters into the next postbox. You need to set up some kind of business contact with the delivery company to get the job done. They know who you are, they know at least your bank account. Emails can be sent more or less anonymously.

    3. Physical mass mail is dumb
    A physical mail is the way it is. It's a piece of printed paper and it doesn't react to the reader. An email can be scripted, it can look up the system language and display text accordingly for example. It can fake its origin way better than just writing "From: Your mom" on a brown piece of paper.

    4. Physical response costs money and time
    Even if you get a "send back for free" return letter. Someone is going to pay for it (the "phisher") and you need to bring it to a postbox. Filling out a form on a website is fast and free.

    5. Physical mail can't install malware
    For sure, you can add a cd to the physical mail - but there are the costs again. An email can just take over my entire pc, send mails to all of my friends and so on... A physical mail can contain a bomb - but please don't tell me you believe in "orange alerts" Wink

    6. Physical mail is inspected in more detail
    Since emails don't cost money, you get hundreds of them each and every day. You just investigate physical mail closer because you only get a few each day. When browsing through hundreds of traps the chance is high that you accidentally get into one - no matter how well you are educated. To err is human.

    just my 2 cents

  • Nice... Was Stephen Toulouse sitting facing a cafeteria? I saw at least two people walk by carrying coffee && 4 trash bins. Musing on inferred information leaks....
  • Yup, we were sitting next to the cafeteria in building 35, if I remember right.
  • Microsoft and other browser/email client product developers may be able to do something very simple to minimize the phishing attacks.

    Most phishing attacks use IP addresses to direct users to sites that phish for information. These applications (explorer/email clients) can sense this and display a warning message to the user (or use an approach similar to pop-up blocking to completely disable the hyperlink).

    Am I missing something?
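
The check proposed in the comment above, as an added example (not part of the original discussion and not any product's actual filter): it lists the links in an HTML message whose host is an IP literal, and goes beyond the plain dotted form to the integer, hex and octal spellings that browsers also accept. The names `host_as_ip` and `ip_literal_links` and the sample message are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; 192.0.2.10 is a documentation address.
SAMPLE = ('<a href="http://192.0.2.10/login">Bank</a>'
          '<a href="http://3221225994/login">Verify</a>'
          '<a href="http://0xC000020A/">Update</a>'
          '<a href="https://www.example.com/">Help</a>')

def host_as_ip(host):
    """Return the address a URL host denotes, or None for a DNS name."""
    try:
        if ":" in host:                       # IPv6 literal, brackets already removed
            return ipaddress.ip_address(host)
        parts = host.rstrip(".").split(".")
        if len(parts) > 4 or not all(p.isascii() and p.isalnum() for p in parts):
            return None
        # inet_aton rules: 0x = hex, leading 0 = octal, otherwise decimal
        *head, last = [int(p, 16) if p[:2].lower() == "0x" else
                       int(p, 8) if p[0] == "0" else int(p) for p in parts]
    except ValueError:                        # a DNS label, bad IPv6, or octal like "08"
        return None
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    for i, n in enumerate(head):              # the last part fills the remaining bytes
        last += n << (8 * (3 - i))
    return ipaddress.IPv4Address(last)

class _Hrefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def ip_literal_links(html):  # returns [(href, canonical IP), ...]
    parser, flagged = _Hrefs(), []
    parser.feed(html)
    for href in parser.hrefs:
        try:
            host = urlsplit(href).hostname
        except ValueError:                    # malformed URL
            continue
        ip = host_as_ip(host) if host else None
        if ip is not None:
            flagged.append((href, str(ip)))
    return flagged
```

A hit is a reason to warn rather than proof of phishing, since some internal tools are legitimately reached by address.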

