Article <vbg51a$lm8$1@nnrp.usenet.blueworldhosting.com>

Deutsch English Français Italiano
<vbg51a$lm8$1@nnrp.usenet.blueworldhosting.com>

View for Bookmarking (what is this?)
Look up another Usenet article
Path: ...!weretis.net!feeder9.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!nnrp.usenet.blueworldhosting.com!.POSTED!not-for-mail
From: "Edward Rawde" <invalid@invalid.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Phishing
Date: Fri, 6 Sep 2024 19:59:37 -0400
Organization: BWH Usenet Archive (https://usenet.blueworldhosting.com)
Lines: 78
Message-ID: <vbg51a$lm8$1@nnrp.usenet.blueworldhosting.com>
References: <vbcvp4$eoqp$1@dont-email.me> <vbdgep$kgm$1@nnrp.usenet.blueworldhosting.com> <vbfivs$tlhp$3@dont-email.me>
Injection-Date: Fri, 6 Sep 2024 23:59:38 -0000 (UTC)
Injection-Info: nnrp.usenet.blueworldhosting.com;
	logging-data="22216"; mail-complaints-to="usenet@blueworldhosting.com"
Cancel-Lock: sha1:7eEeXm4s+51rZ6mK0k7XoJfwfTI= sha256:zHeQZldg5YfvqkOtIvAxcn9Fbk9IqrcSvCi2shGf3qA=
	sha1:EVK9806rmkXNPH0uKebTz6svOqU= sha256:fDcov1MaH+OMvRCGmmREdz4KST5xkASIWDuOnUIV6hQ=
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
X-RFC2646: Format=Flowed; Response
X-Newsreader: Microsoft Outlook Express 6.00.2900.5931
X-Priority: 3
X-MSMail-Priority: Normal
Bytes: 4420

"Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbfivs$tlhp$3@dont-email.me...
> On 9/5/2024 4:56 PM, Edward Rawde wrote:
>> "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbcvp4$eoqp$1@dont-email.me...
>>> I'm checking my "deflected" incoming mail to see if anything that
>>> *should* have been allowed through was mistakenly diverted
>>> (false positive).
>>>
>>> I see a fair number of phishing attempts on my "public" accounts.
>>> But, all are trivially identified as such.
>>>
>>> So, how is it that folks (organizations) are so often deceived
>>> by these things?  Are users just lazy?  Would it be more helpful
>>> to have mail clients make it HARDER to activate an embedded
>>> URL or "potentially compromised" attachment?
>>>
>>> Or, will the stupidity of users adapt, accordingly?
>>
>> More likely the ingenuity of scammers will adapt accordingly.
>
> They have to coax/entice/trick you into DOING something.
> By making it harder for you to "do things" acts as a
> deterrent to these sorts of exploits.

Making it harder to do things will likely mean that nothing gets done.

>
> E.g., if you had to cut/paste a URL into a browser (instead
> of clicking on a link embedded in an email), you would be
> less inclined to casually do so.  AND, would be forced to
> see the ACTUAL URL instead of letting it hide behind
> "click here".

While most people who read this group can do that, most people cannot.
Also have you tried doing that with a phone?

>
>> I got a "Your amazon account has been charged" call today.
>> Caller ID gave a local number, just different last four digits.
>
> Our phone is pretty well locked down.  Calls go to one of
> two voice mails -- without ringing the phone; neither is
> checked often (and one is NEVER checked).

I usually answer local calls and calls from known numbers.
Others may be answered if they start leaving a message, depending on the message.

>
> OTOH, if you are a WELCOMED caller, the phone actually *rings*.
>
> Two of our phones only accept calls from the OTHER of our
> phones (the numbers have never been "given out" to anyone
> so an incoming call that is not from one of our phones is
> obviously not something we want to receive).  If you
> deliberately fail to set up your voicemail, then these
> calls just fall off into never-never-land.
>
>> I don't bother filtering email except at the server level where some countries can't connect inbound at all.

Actually that's not quite true because at the server level I also have
https://rspamd.com/ which works well.

I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
Unexpected attachments are always discarded.
Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.

>
> The phishing protection doesn't rely on filtering messages.
> Rather, just not making URLs easy to access (or attachments
> easy to open).
>
> Folks who have any of my "non-public" email addresses are
> treated like you would expect a trusted correspondent to be
> treated.  But, traffic on the "public" (published) accounts
> is highly censored.
>
>