Deutsch   English   Français   Italiano  
<lk95rrF37u6U1@mid.individual.net>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!weretis.net!feeder9.news.weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Joerg <news@analogconsultants.com>
Newsgroups: sci.electronics.design
Subject: Re: Phishing
Date: Mon, 9 Sep 2024 13:58:35 -0700
Lines: 68
Message-ID: <lk95rrF37u6U1@mid.individual.net>
References: <vbcvp4$eoqp$1@dont-email.me> <lk3ko1F881iU1@mid.individual.net>
 <vbijfn$1igia$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net Fec4zSX0+sCFRVX1Kvk7ZAYYVYETJFGiDgYxfP8HceVgaYmirH
Cancel-Lock: sha1:TV8gxOMVChPGE8F0cbDpgBi1BR4= sha256:/mjksBfO5wBMLoBRKm8fHNsGyUl+g6kiCRe5UJs5pAk=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.8.1
In-Reply-To: <vbijfn$1igia$1@dont-email.me>
Content-Language: en-US
Bytes: 3804

On 9/7/24 3:18 PM, Don Y wrote:
> On 9/7/2024 11:35 AM, Joerg wrote:
>> On 9/5/24 12:11 PM, Don Y wrote:
>>> I'm checking my "deflected" incoming mail to see if anything that
>>> *should* have been allowed through was mistakenly diverted
>>> (false positive).
>>>
>>> I see a fair number of phishing attempts on my "public" accounts.
>>> But, all are trivially identified as such.
>>>
>>> So, how is it that folks (organizations) are so often deceived
>>> by these things?  Are users just lazy?  Would it be more helpful
>>> to have mail clients make it HARDER to activate an embedded
>>> URL or "potentially compromised" attachment?
>>>
>>> Or, will the stupidity of users adapt, accordingly?
>>
>> I am generally stunned how naive people can be. "But it came from a 
>> PG&E address and had a PG&E link in there!" ... "There is a customer 
>> service number on your paper statements. Did you call them about that 
>> past due accusation?" ... "Ahm, well, no".
> 
> I see it more as laziness.  They know there are ways to check
> <whatever> but don't want to be "bothered" to do those things.
> 
> "Didn't you check up on the 'company' before committing to that $20,000
> swimming pool he was eager to sell you?"
> 
> "But, he had a *truck* with the company's name on it!"
> 
> (Wow, imagine how hard that would be to accomplish!  <rollseyes>)
> 
>> When it comes to politics and elections it's even worse. "But he had 
>> such a nice smile!". Don't get me started ...
> 
> I had *one* email slip through my (first version) of my filters.
> It was to a "non-public" account that I use so had to pass *just*
> my WhiteList (content is "trusted" from WhiteListed senders).
> 
> It was a solicitation for money for a "friend" -- who was
> suspiciously not near his phone (yet ALWAYS sends mail FROM his
> phone!).  That, coupled with the ambiguous/impersonal plea
> (e.g., not using my real name to address me) threw up flags.
> 
> The "Reply-To" address (something I hadn't checked in previous
> filter designs, relying, instead, on the "From" address) cinched it:
> Instead of "Ray" it was "RRay".
> 
> I replied:  "Sure!  I'll drop it off on my way out to shopping!"
> 
> Of course, this put the emailer in a bit of a panic as I would now
> be in direct contact with the person he was impersonating and, as
> such, could alert him to the ongoing scam.
> 
> Too late to prevent his ex-wife from sending $400 to "him"...
> 
> Maybe she will have learned her lesson?
> 

Mine was a phone call. Heavy Indian accent, "This is the Windows 
company. We would like to help you solve a problem we have detected with 
your Windows"... me "Oh yeah, you are right, there are at least nine 
windows here that really need cleaning. Do you use Windex for that?"

-- 
Regards, Joerg

http://www.analogconsultants.com/