Phishing & BotNets
RE: explaining phishing to a naive user Jan 24 2007 11:11PM
Mark Hofman (mhofman shearwater com au) (1 replies)

There is a fairly easy question that will identify almost 100% of all
phising emails.

Does the email ask you to click a link to provide your personal details
such as login details or credit card details (you could ask a few more
things here) . You can further qualify it by saying did you ask for the
email? Eg password reset on a web site or similar.

If the answer is yes. Then it is a phising email.

-----Original Message-----
From: Saeed Abu Nimeh [mailto:drellman (at) hotmail (dot) com [email concealed]]
Sent: Wednesday, 24 January 2007 4:43 PM
To: phishing (at) securityfocus (dot) com [email concealed]
Subject: explaining phishing to a naive user

Hi All,
If I want to explain email phishing to set of user (novice,
intermediate, and experts), can I summarize --let us say-- a list of 100
questions that a user answers gradually to find if this email is
phishing or not? Examples of questions I can think of:
- does email contain html
- does email contain java script
- is there a mismatch between the url displayed in the email and the
source link <a href>
- does the email contain misspellings
- does the email contain an open greeting (i.e. dear customer instead of
dear j smith), etc.
I was thinking of summarizing couple of hundred questions (or less)
targeted to novice, intermediate and expert users. I have around 20
thing in mind, however i was hoping to gt more.
p.s. of course answering one question by it self will not lead to the
conclusion that this email is phishing. For example: email contains html
does not mean it is automatically phishing

[ reply ]
RE: explaining phishing to a naive user Jan 27 2007 03:47AM
Paul, Sandeep (spaul ipolicynetworks com)


Privacy Statement
Copyright 2010, SecurityFocus