Stephen Toulouse - How do we protect against phishing attacks?

Description

Phishing attacks are becoming more frequent. What's a phishing attack? It is when a criminal crafts an email that looks like it came from a company like eBay and tricks the user into entering passwords or credit card numbers. Here are some things to do to protect yourself.

Tag:

Security

    The Discussion

    • Manip
      Nobody gets tricked by these things, that is why I am happy to download SP2 via the link in that e-mail Microsoft sent me.. For SP2 $20 is a bargain in my book. I am definitely going to buy SP3. Smiley

    • WINDOSUN_OSCODB72
      • In PHISHING, It's tough to distinguish between the REAL and SURREAL because so many Offers are like The Bogus; FREE ! ! !
      • Costly FREE ! ! ! Offers abound . . .
      • 1025 FREE ! ! ! Hours of Internet Service require a Credit Card or a Fort Knox Type or equivalent Checking Account . . . Anyway, I grow weary of this nonsense, and set my Filters Accordingly . . . Thanx, Wink
    • mikx
      Often real world examples are taken to explain how computer problems are working. While this is sometimes a good approach, when speaking about emails and phishing "physical mail rules" just don't apply:

      1. Physical mass mail requires money
      Using physical mail both delivery and the medium (paper) cost an amount of money. Emails (especially if sent from hijacked mail servers) cost virtually nothing at all. You can reach millions of readers for a few hundred dollars.

      2. Physical mass mail requires b2b contacts
      Even if you are willing to invest in physical mail - you can't put 100.000 letters into the next postbox. You need to set up some kind of business contact with the delivery company to get the job done. They know who you are, they know at least your bank account. Emails can be sent more or less anonymously.

      3. Physical mass mail is dumb
      A physical mail is the way it is. It's a piece of printed paper and it doesn't react to the reader. An email can be scripted, it can look up the system language and display text accordingly for example. It can fake its origin way better than just writing "From: Your mom" on a brown piece of paper.

      4. Physical response costs money and time
      Even if you get a "send back for free" return letter. Someone is going to pay for it (the "phisher") and you need to bring it to a postbox. Filling out a form on a website is fast and free.

      5. Physical mail can't install malware
      For sure, you can add a cd to the physical mail - but there are the costs again. An email can just take over my entire pc, send mails to all of my friends and so on... A physical mail can contain a bomb - but please don't tell me you believe in "orange alerts" Wink

      6. Physical mail is inspected in more detail
      Since emails don't cost money, you get hundreds of them each and every day. You just investigate physical mail closer because you only get a few each day. When browsing through hundreds of traps the chance is high, you accidentally get into one - no matter how well you are educated. To err is human.

      just my 2 cents
      mikx

    • atag
      Nice... Was Stephen Toulouse sitting facing a cafeteria? I saw at least two people walk by carrying coffee && 4 trash bins. Musing on inferred information leaks....
    • scobleizer
      Yup, we were sitting next to the cafeteria in building 35, if I remember right.
    • ravikumar_thiagarajan
      Microsoft and other browser/email client product developers may be able to do something very simple to minimize the phishing attacks.

      Most phishing attacks use an IP address to direct users to sites that phish for information. These applications (explorer/email clients) can sense this and display a warning message to the user (or use an approach similar to pop-up blocking to completely disable the hyperlink).

      Am I missing something?

      regards
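
The check proposed in the last comment, as an added example that is not part of the original post or of any browser or mail client's code: it flags links in an HTML mail body whose host is an IP literal and can disable them. It tests the parsed hostname rather than the raw text, because the WHATWG URL parser canonicalizes numeric host forms to dotted-quad; the sample mail, the function names and the `data-blocked-href` attribute are constructed for illustration.

```javascript
// Added example: warn on or disable mail links whose host is an IP literal.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;
// Simplification: a regex over <a href="..."> is enough for this sample;
// a real client would walk the parsed DOM instead.
const HREF = /(<a\b[^>]*?\bhref\s*=\s*)(["'])(.*?)\2/gi;

function hostIsIpLiteral(href) {
  let url;
  try {
    url = new URL(href); // canonicalizes the host (e.g. integer form -> a.b.c.d)
  } catch {
    return false; // relative or unparseable: nothing to judge here
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  const host = url.hostname;
  if (host.startsWith("[") && host.endsWith("]")) return true; // IPv6 literal
  return IPV4.test(host);
}

// Returns every href in the mail body that points at an IP literal.
function findIpLinks(html) {
  const hits = [];
  for (const m of html.matchAll(HREF)) {
    if (hostIsIpLiteral(m[3])) hits.push(m[3]);
  }
  return hits;
}

// Pop-up-blocker style: neutralize the link, keep the target for the warning UI.
function disableIpLinks(html) {
  return html.replace(HREF, (whole, prefix, quote, href) =>
    hostIsIpLiteral(href)
      ? `${prefix}${quote}#${quote} data-blocked-href=${quote}${href}${quote}`
      : whole);
}

// Constructed sample mail body (documentation-range addresses only).
const sampleMail = `
<p>Your account is limited. <a href="http://192.0.2.10/signin">Sign in</a></p>
<p><a href="http://3221225994/verify">Verify</a> or
<a href='https://[2001:db8::1]/x'>here</a>.</p>
<p>Help: <a href="https://www.example.com/help">example.com</a>,
<a href="mailto:support@example.com">mail us</a></p>`;

console.log(findIpLinks(sampleMail));
```

A link that uses a registered look-alike domain passes this check untouched, so it covers only the IP-address case the comment describes.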
