http://emergentchaos.com/archives/2007/04/phriday-phish-blogging-randomly-flagged.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2007/04/phriday-phish-blogging-randomly-flagged.html/comment-page-1#comment-3480 Iang Fri, 06 Apr 2007 15:52:41 +0000 http://emergentchaos.com/?p=2303#comment-3480 There is a valid use case in the governance world where random accounts are selected and probed. Of course, if we knew this, then it would be easy to craft defences against this being abused by phishers ... the problem is that the users don't know it and aren't easily able to work it out. There is a valid use case in the governance world where random accounts are selected and probed. Of course, if we knew this, then it would be easy to craft defences against this being abused by phishers … the problem is that the users don’t know it and aren’t easily able to work it out.

]]> http://emergentchaos.com/archives/2007/04/phriday-phish-blogging-randomly-flagged.html/comment-page-1#comment-3479 Sid Fri, 06 Apr 2007 10:42:33 +0000 http://emergentchaos.com/?p=2303#comment-3479 It gets even worse when banks hire third-party marketing firms to manage communication with their clients! I have seen quite a few emails from domains not my bank's, and they are legit. It gets even better when they say "click this link and fill out a short survey for a $100 credit to your account." (Chase bank has done this.) The URL is never at thebank.com (always the marketing firm), so it looks shady. Here the banks are <i>training</i> people to fall victim to phishing! <a href="http://stop-phishing.blogspot.com/2006/11/validating-phishers.html" rel="nofollow"> Click here for another "training" email from a bank...</a> It gets even worse when banks hire third-party marketing firms to manage communication with their clients! I have seen quite a few emails from domains not my bank’s, and they are legit.
It gets even better when they say “click this link and fill out a short survey for a $100 credit to your account.” (Chase bank has done this.) The URL is never at thebank.com (always the marketing firm), so it looks shady. Here the banks are training people to fall victim to phishing!
Click here for another “training” email from a bank…

]]> http://emergentchaos.com/archives/2007/04/phriday-phish-blogging-randomly-flagged.html/comment-page-1#comment-3478 Justin Mason Fri, 06 Apr 2007 05:57:29 +0000 http://emergentchaos.com/?p=2303#comment-3478 Banks _ARE_ sending URLs like that, that's the problem! We regularly have to ditch promising phish-detection rules in SpamAssassin because they match the cruddy "link-tracking" URLs the banks send out. Banks _ARE_ sending URLs like that, that’s the problem! We regularly have to ditch promising phish-detection rules in SpamAssassin because they match the cruddy “link-tracking” URLs the banks send out.

]]>