-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Saeed,

On 24 Jan 2007, at 06:43, Saeed Abu Nimeh wrote:

> Hi All,
> If I want to explain email phishing to set of user (novice,
> intermediate, and experts), can I summarize --let us say-- a list
> of 100
> questions that a user answers gradually to find if this email is
> phishing or not? Examples of questions I can think of:
> - does email contain html
> - does email contain java script
> - is there a mismatch between the url displayed in the email and the
> source link <a href>
> - does the email contain misspellings
> - does the email contain an open greeting (i.e. dear customer
> instead of
> dear j smith), etc.
> I was thinking of summarizing couple of hundred questions (or less)
> targeted to novice, intermediate and expert users. I have around 20
> thing in mind, however i was hoping to gt more.
[SNIP]
I'm not sure this would be very effective. If a lambda user has to go
through a hundred items checklist every time (s)he sees an email,
that list will very soon take a plunge in the trash bin. But you
could try to show them a few of the videos at http://www.educause.edu/
content.asp?page_id=7103&bhcp=1. One of the most interesting in your
case is "Bob, you've been phised".

HTH,

Lionel

- --
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385 https://cert.belnet.be/
Fax: +32 2 7903375 PGP Key Id: 0x5662FD4B

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFF0toEDd3gqVZi/UsRArKoAJ4vRrQu9zykTcX+E6vAdIHWKrH7uQCcCAd4
EEcRT1KS4/vBpqReNq5W/iI=
=DQJh
-----END PGP SIGNATURE-----

[ reply ]