Path: ...!weretis.net!feeder9.news.weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Joerg <news@analogconsultants.com>
Newsgroups: sci.electronics.design
Subject: Re: Phishing
Date: Mon, 9 Sep 2024 13:58:35 -0700
Lines: 68
Message-ID: <lk95rrF37u6U1@mid.individual.net>
References: <vbcvp4$eoqp$1@dont-email.me> <lk3ko1F881iU1@mid.individual.net> <vbijfn$1igia$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: individual.net Fec4zSX0+sCFRVX1Kvk7ZAYYVYETJFGiDgYxfP8HceVgaYmirH
Cancel-Lock: sha1:TV8gxOMVChPGE8F0cbDpgBi1BR4= sha256:/mjksBfO5wBMLoBRKm8fHNsGyUl+g6kiCRe5UJs5pAk=
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.1
In-Reply-To: <vbijfn$1igia$1@dont-email.me>
Content-Language: en-US
Bytes: 3804

On 9/7/24 3:18 PM, Don Y wrote:
> On 9/7/2024 11:35 AM, Joerg wrote:
>> On 9/5/24 12:11 PM, Don Y wrote:
>>> I'm checking my "deflected" incoming mail to see if anything that
>>> *should* have been allowed through was mistakenly diverted
>>> (false positive).
>>>
>>> I see a fair number of phishing attempts on my "public" accounts.
>>> But, all are trivially identified as such.
>>>
>>> So, how is it that folks (organizations) are so often deceived
>>> by these things? Are users just lazy? Would it be more helpful
>>> to have mail clients make it HARDER to activate an embedded
>>> URL or "potentially compromised" attachment?
>>>
>>> Or, will the stupidity of users adapt, accordingly?
>>
>> I am generally stunned how naive people can be. "But it came from a
>> PG&E address and had a PG&E link in there!" ... "There is a customer
>> service number on your paper statements. Did you call them about that
>> past due accusation?" ... "Ahm, well, no".
>
> I see it more as laziness. They know there are ways to check
> <whatever> but don't want to be "bothered" to do those things.
>
> "Didn't you check up on the 'company' before committing to that $20,000
> swimming pool he was eager to sell you?"
>
> "But, he had a *truck* with the company's name on it!"
>
> (Wow, imagine how hard that would be to accomplish! <rollseyes>)
>
>> When it comes to politics and elections it's even worse. "But he had
>> such a nice smile!". Don't get me started ...
>
> I had *one* email slip through my (first version) of my filters.
> It was to a "non-public" account that I use so had to pass *just*
> my WhiteList (content is "trusted" from WhiteListed senders).
>
> It was a solicitation for money for a "friend" -- who was
> suspiciously not near his phone (yet ALWAYS sends mail FROM his
> phone!). That, coupled with the ambiguous/impersonal plea
> (e.g., not using my real name to address me) threw up flags.
>
> The "Reply-To" address (something I hadn't checked in previous
> filter designs, relying, instead, on the "From" address) cinched it:
> Instead of "Ray" it was "RRay".
>
> I replied: "Sure! I'll drop it off on my way out to shopping!"
>
> Of course, this put the emailer in a bit of a panic as I would now
> be in direct contact with the person he was impersonating and, as
> such, could alert him to the ongoing scam.
>
> Too late to prevent his ex-wife from sending $400 to "him"...
>
> Maybe she will have learned her lesson?
>

Mine was a phone call. Heavy Indian accent, "This is the Windows
company. We would like to help you solve a problem we have detected
with your Windows"... me "Oh yeah, you are right, there are at least
nine windows here that really need cleaning. Do you use Windex for
that?"

-- 
Regards, Joerg

http://www.analogconsultants.com/
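The From-versus-Reply-To check described in the quoted text above, as an added example that is not part of the original post and not either poster's actual filter: a whitelist keyed on From still has to look at where a reply would go. The whitelist, the example.net/example.org addresses, the sample messages and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
# Added example; addresses, whitelist and messages are constructed.
from email import message_from_string
from email.utils import getaddresses, parseaddr

WHITELIST = {"ray@example.net"}  # assumed set of trusted senders

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw):
    """Return 'trusted', 'untrusted' or a 'suspect: ...' verdict."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in WHITELIST:
        return "untrusted"
    # From matched, but a reply goes to Reply-To when one is present.
    replies = [addr.lower() for _, addr in getaddresses(msg.get_all("Reply-To", []))]
    for addr in replies:
        if addr in WHITELIST:
            continue
        if min(edit_distance(addr, w) for w in WHITELIST) <= 2:
            return "suspect: Reply-To is a lookalike of a whitelisted address"
        return "suspect: Reply-To is outside the whitelist"
    return "trusted"

# Constructed sample messages.
GENUINE = "From: Ray <ray@example.net>\nSubject: lunch\n\nNoon on Friday?\n"
LOOKALIKE = ("From: Ray <ray@example.net>\nReply-To: Ray <rray@example.net>\n"
             "Subject: favor\n\nCan you help me out today?\n")
REDIRECT = ("From: Ray <ray@example.net>\nReply-To: helpdesk@example.org\n"
            "Subject: favor\n\nCan you help me out today?\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("redirect", REDIRECT)]:
        print(name, "->", classify(raw))
```

The lookalike verdict is the more urgent one to surface to the user, since a one-character difference from a known contact is unlikely to be an innocent redirect.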