From: Don Y <blockedofcourse@foo.invalid>
Newsgroups: sci.electronics.design
Subject: Re: Phishing
Date: Sat, 7 Sep 2024 15:18:19 -0700
Organization: A noiseless patient Spider
Lines: 57
Message-ID: <vbijfn$1igia$1@dont-email.me>
References: <vbcvp4$eoqp$1@dont-email.me> <lk3ko1F881iU1@mid.individual.net>
In-Reply-To: <lk3ko1F881iU1@mid.individual.net>

On 9/7/2024 11:35 AM, Joerg wrote:
> On 9/5/24 12:11 PM, Don Y wrote:
>> I'm checking my "deflected" incoming mail to see if anything that
>> *should* have been allowed through was mistakenly diverted
>> (false positive).
>>
>> I see a fair number of phishing attempts on my "public" accounts.
>> But, all are trivially identified as such.
>>
>> So, how is it that folks (organizations) are so often deceived
>> by these things?  Are users just lazy?  Would it be more helpful
>> to have mail clients make it HARDER to activate an embedded
>> URL or "potentially compromised" attachment?
>>
>> Or, will the stupidity of users adapt, accordingly?
> 
> I am generally stunned how naive people can be. "But it came from a PG&E 
> address and had a PG&E link in there!" ... "There is a customer service number 
> on your paper statements. Did you call them about that past due accusation?" 
> ... "Ahm, well, no".

I see it more as laziness.  They know there are ways to check
<whatever> but don't want to be "bothered" to do those things.

"Didn't you check up on the 'company' before committing to that $20,000
swimming pool he was eager to sell you?"

"But, he had a *truck* with the company's name on it!"

(Wow, imagine how hard that would be to accomplish!  <rollseyes>)

> When it comes to politics and elections it's even worse. "But he had such a 
> nice smile!". Don't get me started ...

I had *one* email slip through (the first version of) my filters.
It was to a "non-public" account that I use so had to pass *just*
my WhiteList (content is "trusted" from WhiteListed senders).

It was a solicitation for money for a "friend" -- who was
suspiciously not near his phone (yet ALWAYS sends mail FROM his
phone!).  That, coupled with the ambiguous/impersonal plea
(e.g., not using my real name to address me) threw up flags.

The "Reply-To" address (something I hadn't checked in previous
filter designs, relying, instead, on the "From" address) cinched it:
Instead of "Ray" it was "RRay".

I replied:  "Sure!  I'll drop it off on my way out to shopping!"

Of course, this put the emailer in a bit of a panic as I would now
be in direct contact with the person he was impersonating and, as
such, could alert him to the ongoing scam.

Too late to prevent his ex-wife from sending $400 to "him"...

Maybe she will have learned her lesson?
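
Added example, not part of the original post and not the poster's filter: a minimal Python sketch of the check described above, where a whitelisted "From" is not trusted until "Reply-To" is compared against it. The addresses, the whitelist contents, the similarity threshold and the sample messages are all constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses

# Constructed allow-list; the address is a placeholder, not taken from the post.
WHITELIST = {"ray@example.org"}

def addresses(msg, header):
    """Lower-cased addresses from every instance of the given header."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def lookalike(addr, known, threshold=0.85):
    """Return the known address that addr closely resembles, or None."""
    for k in sorted(known):
        if addr != k and SequenceMatcher(None, addr, k).ratio() >= threshold:
            return k
    return None

def classify(raw):
    """Return (verdict, reason) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    senders = addresses(msg, "From")
    # A From-only whitelist stops here; note that From itself can be forged.
    if not senders or not senders <= WHITELIST:
        return ("divert", "From not whitelisted")
    # Replies follow Reply-To, so it must not point anywhere but the sender.
    stray = sorted(addresses(msg, "Reply-To") - senders)
    if stray:
        twin = lookalike(stray[0], WHITELIST)
        if twin:
            return ("divert", f"Reply-To {stray[0]} imitates {twin}")
        return ("divert", f"Reply-To {stray[0]} differs from From")
    return ("deliver", "From whitelisted, replies go to sender")

# Constructed sample messages.
SPOOFED = ("From: Ray <ray@example.org>\n"
           "Reply-To: Ray <rray@example.org>\n"
           "Subject: Need a favor\n\nCan you send some money today?\n")
GENUINE = ("From: Ray <ray@example.org>\n"
           "Subject: Lunch\n\nSee you at noon.\n")
STRANGER = ("From: Billing <billing@example.net>\n"
            "Subject: Past due\n\nPay now.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("stranger", STRANGER)):
        print(name, classify(raw))
```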