From: Don Y
Newsgroups: sci.electronics.design
Subject: Re: Phishing
Date: Sat, 7 Sep 2024 15:18:19 -0700

On 9/7/2024 11:35 AM, Joerg wrote:
> On 9/5/24 12:11 PM, Don Y wrote:
>> I'm checking my "deflected" incoming mail to see if anything that
>> *should* have been allowed through was mistakenly diverted
>> (false positive).
>>
>> I see a fair number of phishing attempts on my "public" accounts.
>> But, all are trivially identified as such.
>>
>> So, how is it that folks (organizations) are so often deceived
>> by these things?  Are users just lazy?  Would it be more helpful
>> to have mail clients make it HARDER to activate an embedded
>> URL or "potentially compromised" attachment?
>>
>> Or, will the stupidity of users adapt, accordingly?
>
> I am generally stunned how naive people can be. "But it came from a PG&E
> address and had a PG&E link in there!" ... "There is a customer service number
> on your paper statements. Did you call them about that past due accusation?"
> ... "Ahm, well, no".

I see it more as laziness.  They know there are ways to check
but don't want to be "bothered" to do those things.

"Didn't you check up on the 'company' before committing to that
$20,000 swimming pool he was eager to sell you?"

"But, he had a *truck* with the company's name on it!"

(Wow, imagine how hard that would be to accomplish!)

> When it comes to politics and elections it's even worse. "But he had such a
> nice smile!".

Don't get me started ...

I had *one* email slip through my (first version) of my filters.
It was to a "non-public" account that I use so had to pass
*just* my WhiteList (content is "trusted" from WhiteListed senders).

It was a solicitation for money for a "friend" -- who was suspiciously
not near his phone (yet ALWAYS sends mail FROM his phone!).  That,
coupled with the ambiguous/impersonal plea (e.g., not using my
real name to address me) threw up flags.

The "Reply-To" address (something I hadn't checked in previous
filter designs, relying, instead, on the "From" address) cinched it:
Instead of "Ray" it was "RRay".

I replied:  "Sure!  I'll drop it off on my way out to shopping!"

Of course, this put the emailer in a bit of a panic as I would now
be in direct contact with the person he was impersonating and,
as such, could alert him to the ongoing scam.

Too late to prevent his ex-wife from sending $400 to "him"...
Maybe she will have learned her lesson?