Phishing & BotNets
RE: explaining phishing to a naive user Jan 24 2007 11:11PM
Mark Hofman (mhofman shearwater com au) (1 replies)
RE: explaining phishing to a naive user Jan 27 2007 03:47AM
Paul, Sandeep (spaul ipolicynetworks com)
Hello Everybody,

To add to what Mark has said, it is not the only way of identity
Of course, this is one way, but if we look into other methods of phishing
attacks like vishing, wherein you may be asked to contact some helpline
number. Mainly this is voice-based phishing.

Then there can be forms within the email.

Thanks and Regards

Sandeep Paul

From: Mark Hofman [mailto:mhofman (at) (dot) au [email concealed]]
Sent: Thursday, January 25, 2007 4:41 AM
To: phishing (at) securityfocus (dot) com [email concealed]
Subject: RE: explaining phishing to a naive user


There is a fairly easy question that will identify almost 100% of all
phishing emails.

Does the email ask you to click a link to provide your personal details
such as login details or credit card details (you could ask a few more
things here)? You can further qualify it by asking: did you ask for the
email? E.g. a password reset on a web site or similar.

If the answer is yes, then it is a phishing email.

From: Saeed Abu Nimeh [mailto:drellman (at) hotmail (dot) com [email concealed]]
Sent: Wednesday, 24 January 2007 4:43 PM
To: phishing (at) securityfocus (dot) com [email concealed]
Subject: explaining phishing to a naive user

Hi All,
If I want to explain email phishing to a set of users (novice,
intermediate, and expert), can I summarize --let us say-- a list of 100
questions that a user answers gradually to find out if an email is
phishing or not? Examples of questions I can think of:
- does email contain html
- does email contain java script
- is there a mismatch between the url displayed in the email and the
source link <a href>
- does the email contain misspellings
- does the email contain an open greeting (i.e. dear customer instead of
dear j smith), etc.
I was thinking of summarizing a couple of hundred questions (or fewer)
targeted at novice, intermediate and expert users. I have around 20
things in mind; however, I was hoping to get more.
p.s. of course answering one question by itself will not lead to the
conclusion that the email is phishing. For example: an email containing html
does not mean it is automatically phishing.
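The question list above (does the email contain HTML, does it contain JavaScript, does the displayed URL disagree with the href, does it use an open greeting, does it ask for credentials) can be turned into a set of per-message checks that each return yes or no, leaving the final verdict to the reader, as the post itself insists. The code below is an added example and is not code from anyone in this thread. The two sample messages are constructed for the example, and the indicator names, the regular expressions and the list of generic greetings are this example's own assumptions. The misspelling check from the list is left out because it needs a dictionary.

```python
"""Per-message phishing indicators, one per question from the list.

Added example; not code from the thread's authors. Sample messages,
indicator names, regexes and greeting list are this example's assumptions.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and note any <script> element."""

    def __init__(self):
        super().__init__()
        self.links = []          # list of (href, visible_text)
        self.has_script = False
        self._current = None     # [href, visible_text] while inside <a>

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.has_script = True
        elif tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def _host(url_or_text):
    """Host part of a URL or URL-looking text, lower-cased, without 'www.'."""
    text = url_or_text.strip()
    if "://" not in text:
        text = "http://" + text
    host = (urlparse(text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


# Assumed list of open greetings (question: "dear customer" vs "dear j smith").
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member",
                     "dear valued customer", "dear account holder")

# Assumed phrases for "asks for login or card details".
CREDENTIAL_RE = re.compile(r"\b(password|login details|credit card|card number|pin)\b")


def phishing_indicators(raw_message):
    """Answer each question for one RFC 822 message; returns name -> bool.

    A single True is not a verdict on its own; the caller decides how many
    indicators matter, exactly as the post's p.s. says.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    text_part = msg.get_body(preferencelist=("plain",))
    html = html_part.get_content() if html_part else ""
    text = text_part.get_content() if text_part else ""

    indicators = {
        "contains_html": html_part is not None,
        "contains_javascript": False,
        "link_text_host_mismatch": False,
        "generic_greeting": False,
        "asks_for_credentials": False,
    }

    if html:
        collector = _LinkCollector()
        collector.feed(html)
        indicators["contains_javascript"] = (collector.has_script
                                             or "javascript:" in html.lower())
        for href, visible in collector.links:
            # Visible text that looks like a hostname but the href goes elsewhere.
            if re.search(r"[a-z0-9-]+\.[a-z]{2,}", visible, re.I):
                if _host(visible) and _host(visible) != _host(href):
                    indicators["link_text_host_mismatch"] = True

    body_text = (text + " " + re.sub(r"<[^>]+>", " ", html)).lower()
    indicators["generic_greeting"] = any(g in body_text for g in GENERIC_GREETINGS)
    indicators["asks_for_credentials"] = CREDENTIAL_RE.search(body_text) is not None
    return indicators


# CONSTRUCTED sample: looks like a bank notice, link text and href disagree.
SAMPLE_PHISH = """\
From: "Example Bank" <security@example-bank.test>
To: user@example.test
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear Customer,</p>
<p>Please visit <a href="http://account-verify.example.net/login">www.example-bank.test</a>
to confirm your password and credit card details.</p>
</body></html>
"""

# CONSTRUCTED sample: plain-text note between colleagues, no indicators.
SAMPLE_BENIGN = """\
From: "Alice" <alice@example.test>
To: bob@example.test
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Hi Bob, are we still on for lunch on Friday?
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, phishing_indicators(raw))
```

Running it prints one dict per sample; the constructed bank message trips four of the five indicators (HTML, host mismatch, generic greeting, credential request) and the plain-text note trips none. The host comparison deliberately strips a leading "www." so that `www.example.test` displayed over `http://example.test/` does not count as a mismatch.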

