Re: explaining phishing to a naive user Jan 25 2007 10:27AM
Ian (cobalt-users1 fishnet co uk)
On 23 Jan 2007 at 23:43, Saeed Abu Nimeh wrote:

> Hi All,
> If I want to explain email phishing to a set of users (novice,
> intermediate, and expert), can I summarize --let us say-- a list of 100
> questions that a user answers gradually to find out if this email is
> phishing or not? Examples of questions I can think of:
> - does email contain html
> - does email contain java script
> - is there a mismatch between the url displayed in the email and the
> source link <a href>
> - does the email contain misspellings
> - does the email contain an open greeting (i.e. dear customer instead of
> dear j smith), etc.
> I was thinking of summarizing a couple of hundred questions (or less)
> targeted to novice, intermediate and expert users. I have around 20
> things in mind, however I was hoping to get more.
> Thanks,
> Saeed
> p.s. of course answering one question by itself will not lead to the
> conclusion that this email is phishing. For example: an email containing
> HTML does not automatically mean it is phishing


Forget all that and stick with the one golden rule:

Do not trust any email that asks you to log in, re-submit your
details, update your details, call with your details (a new one)
etc. If in doubt look up the telephone number for the institution in
the phone book, give them a call and ask.

Otherwise your users will spend all their time analysing email and
you will go out of business because no one gets any work done
anymore. This does mean they will have no money to steal so there is
a plus side ;)
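As an added illustration (not from either poster), three of the checks from the quoted list, the displayed-URL/href mismatch, the presence of script, and the generic "dear customer" greeting, implemented as a small checker over an HTML mail body. Sample messages and the `.example`/`.invalid` domains are constructed placeholders, and the function only reports which indicators fired; as the p.s. notes, no single indicator decides.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class _AnchorCollector(HTMLParser):
    # Collect (href, visible text) for each <a>, and note whether a <script> appears
    def __init__(self):
        super().__init__()
        self.anchors, self.has_script, self._current = [], False, None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.has_script = True
        elif tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.anchors.append(tuple(self._current))
            self._current = None

GENERIC_GREETINGS = ("dear customer", "dear user", "dear member", "dear valued")

def _host(url):
    # Hostname of a URL, lower-cased, with a leading "www." dropped
    return re.sub(r"^www\.", "", (urlparse(url if "://" in url else "http://" + url).hostname or "").lower())

def phishing_indicators(html):
    """Return the indicators that fire for one HTML email body (empty list = none)."""
    parser = _AnchorCollector()
    parser.feed(html)
    found = []
    if parser.has_script:
        found.append("contains script")
    for href, text in parser.anchors:
        text = text.strip()
        # Only compare when the visible link text itself looks like a URL
        if re.match(r"(https?://|www\.)", text, re.I) and _host(text) != _host(href):
            found.append(f"link text {text!r} points to {_host(href)!r}")
    plain = re.sub(r"<[^>]+>", " ", html).lower()
    if any(g in plain for g in GENERIC_GREETINGS):
        found.append("generic greeting")
    return found

# Constructed sample messages (placeholder .example/.invalid domains, not real mail)
SAMPLE_PHISH = """<html><body><p>Dear Customer,</p>
<p>Please log in at <a href="http://bank.example.login.invalid/">https://www.bank.example</a>
to update your details.</p><script>document.title = "x";</script></body></html>"""
SAMPLE_LEGIT = """<html><body><p>Dear J Smith,</p><p>Your statement is ready:
<a href="https://www.bank.example/statements">https://www.bank.example/statements</a></p></body></html>"""
```

`phishing_indicators(SAMPLE_PHISH)` reports all three indicators, while the legitimate sample reports none; the spelling check from the list is left out because it needs a dictionary.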


