| Deutsch English Français Italiano |
|
<vbnsuq$2im8h$1@news.eternal-september.org> View for Bookmarking (what is this?) Look up another Usenet article |
Path: eternal-september.org!news.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: ehsjr <ehsjr@verizon.net> Newsgroups: sci.electronics.design Subject: Re: Phishing Date: Mon, 9 Sep 2024 18:30:49 -0400 Organization: A noiseless patient Spider Lines: 66 Message-ID: <vbnsuq$2im8h$1@news.eternal-september.org> References: <vbcvp4$eoqp$1@dont-email.me> <lk3ko1F881iU1@mid.individual.net> <vbijfn$1igia$1@dont-email.me> <lk95rrF37u6U1@mid.individual.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Tue, 10 Sep 2024 00:30:50 +0200 (CEST) Injection-Info: news.eternal-september.org; posting-host="ead1c28e664b8c51f2c1bc7fecf0b920"; logging-data="2709777"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18dWZaNI2zPNZSD4MKLNrfv" User-Agent: Mozilla Thunderbird Cancel-Lock: sha1:7jg7IuwWkwc0gSruNV8PjaKM4W4= In-Reply-To: <lk95rrF37u6U1@mid.individual.net> Content-Language: en-US On 9/9/2024 4:58 PM, Joerg wrote: > On 9/7/24 3:18 PM, Don Y wrote: >> On 9/7/2024 11:35 AM, Joerg wrote: >>> On 9/5/24 12:11 PM, Don Y wrote: >>>> I'm checking my "deflected" incoming mail to see if anything that >>>> *should* have been allowed through was mistakenly diverted >>>> (false positive). >>>> >>>> I see a fair number of phishing attempts on my "public" accounts. >>>> But, all are trivially identified as such. >>>> >>>> So, how is it that folks (organizations) are so often deceived >>>> by these things? Are users just lazy? Would it be more helpful >>>> to have mail clients make it HARDER to activate an embedded >>>> URL or "potentially compromised" attachment? >>>> >>>> Or, will the stupidity of users adapt, accordingly? >>> >>> I am generally stunned how naive people can be. "But it came from a >>> PG&E address and had a PG&E link in there!" ... "There is a customer >>> service number on your paper statements. Did you call them about that >>> past due accusation?" ... "Ahm, well, no". >> >> I see it more as laziness. They know there are ways to check >> <whatever> but don't want to be "bothered" to do those things. >> >> "Didn't you check up on the 'company' before committing to that $20,000 >> swimming pool he was eager to sell you?" >> >> "But, he had a *truck* with the company's name on it!" >> >> (Wow, imagine how hard that would be to accomplish! <rollseyes>) >> >>> When it comes to politics and elections it's even worse. "But he had >>> such a nice smile!". Don't get me started ... >> >> I had *one* email slip through my (first version) of my filters. >> It was to a "non-public" account that I use so had to pass *just* >> my WhiteList (content is "trusted" from WhiteListed senders). >> >> It was a solicitation for money for a "friend" -- who was >> suspiciously not near his phone (yet ALWAYS sends mail FROM his >> phone!). That, coupled with the ambiguous/impersonal plea >> (e.g., not using my real name to address me) threw up flags. >> >> The "Reply-To" address (something I hadn't checked in previous >> filter designs, relying, instead, on the "From" address) cinched it: >> Instead of "Ray" it was "RRay". >> >> I replied: "Sure! I'll drop it off on my way out to shopping!" >> >> Of course, this put the emailer in a bit of a panic as I would now >> be in direct contact with the person he was impersonating and, as >> such, could alert him to the ongoing scam. >> >> Too late to prevent his ex-wife from sending $400 to "him"... >> >> Maybe she will have learned her lesson? >> > > Mine was a phone call. Heavy Indian accent, "This is the Windows > company. We would like to help you solve a problem we have detected with > your Windows"... me "Oh yeah, you are right, there are at least nine > windows here that really need cleaning. Do you use Windex for that?" > :-)