Discussion:
Phishing
(too old to reply)
Don Y
2024-09-05 19:11:24 UTC
Permalink
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).

I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.

So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?

Or, will the stupidity of users adapt, accordingly?
john larkin
2024-09-05 22:11:42 UTC
Permalink
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
Outlook will apparently send anything through, even obvious phishing
ploys.
legg
2024-09-07 13:18:55 UTC
Permalink
Post by john larkin
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
Outlook will apparently send anything through, even obvious phishing
ploys.
It's a mail application, not an anti-virus filter.

Mail servers of paid ISPs are getting less responsible in that regard,
also, no longer filtering spam 'for free'.

You're probably your own best mail filter.

RL
john larkin
2024-09-07 14:26:38 UTC
Permalink
Post by legg
Post by john larkin
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
Outlook will apparently send anything through, even obvious phishing
ploys.
It's a mail application, not an anti-virus filter.
It has a tab for reporting phishing which says it helps them keep
user' information safe. They seem to ignore the reports.

There are lots of things that don't work in Outlook.
Post by legg
Mail servers of paid ISPs are getting less responsible in that regard,
also, no longer filtering spam 'for free'.
You're probably your own best mail filter.
Yes, I've had to set up my own filters, but I don't have access to the
tools that Microsoft presumably has.

It's a mild chore, to review and delete the 60 or so spams and
phishings per day. But what's granny down the block to do?
Edward Rawde
2024-09-05 23:56:08 UTC
Permalink
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
More likely the ingenuity of scammers will adapt accordingly.

I got a "Your amazon account has been charged" call today.
Caller ID gave a local number, just different last four digits.

I don't bother filtering email except at the server level where some countries can't connect inbound at all.
Don Y
2024-09-06 18:51:31 UTC
Permalink
Post by Edward Rawde
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
More likely the ingenuity of scammers will adapt accordingly.
They have to coax/entice/trick you into DOING something.
By making it harder for you to "do things" acts as a
deterrent to these sorts of exploits.

E.g., if you had to cut/paste a URL into a browser (instead
of clicking on a link embedded in an email), you would be
less inclined to casually do so. AND, would be forced to
see the ACTUAL URL instead of letting it hide behind
"click here".
Post by Edward Rawde
I got a "Your amazon account has been charged" call today.
Caller ID gave a local number, just different last four digits.
Our phone is pretty well locked down. Calls go to one of
two voice mails -- without ringing the phone; neither is
checked often (and one is NEVER checked).

OTOH, if you are a WELCOMED caller, the phone actually *rings*.

Two of our phones only accept calls from the OTHER of our
phones (the numbers have never been "given out" to anyone
so an incoming call that is not from one of our phones is
obviously not something we want to receive). If you
deliberately fail to set up your voicemail, then these
calls just fall off into never-never-land.
Post by Edward Rawde
I don't bother filtering email except at the server level where some countries can't connect inbound at all.
The phishing protection doesn't rely on filtering messages.
Rather, just not making URLs easy to access (or attachments
easy to open).

Folks who have any of my "non-public" email addresses are
treated like you would expect a trusted correspondent to be
treated. But, traffic on the "public" (published) accounts
is highly censored.
Edward Rawde
2024-09-06 23:59:37 UTC
Permalink
Post by Don Y
Post by Edward Rawde
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
More likely the ingenuity of scammers will adapt accordingly.
They have to coax/entice/trick you into DOING something.
By making it harder for you to "do things" acts as a
deterrent to these sorts of exploits.
Making it harder to do things will likely mean that nothing gets done.
Post by Don Y
E.g., if you had to cut/paste a URL into a browser (instead
of clicking on a link embedded in an email), you would be
less inclined to casually do so. AND, would be forced to
see the ACTUAL URL instead of letting it hide behind
"click here".
While most people who read this group can do that, most people cannot.
Also have you tried doing that with a phone?
Post by Don Y
Post by Edward Rawde
I got a "Your amazon account has been charged" call today.
Caller ID gave a local number, just different last four digits.
Our phone is pretty well locked down. Calls go to one of
two voice mails -- without ringing the phone; neither is
checked often (and one is NEVER checked).
I usually answer local calls and calls from known numbers.
Others may be answered if they start leaving a message, depending on the message.
Post by Don Y
OTOH, if you are a WELCOMED caller, the phone actually *rings*.
Two of our phones only accept calls from the OTHER of our
phones (the numbers have never been "given out" to anyone
so an incoming call that is not from one of our phones is
obviously not something we want to receive). If you
deliberately fail to set up your voicemail, then these
calls just fall off into never-never-land.
Post by Edward Rawde
I don't bother filtering email except at the server level where some countries can't connect inbound at all.
Actually that's not quite true because at the server level I also have
https://rspamd.com/ which works well.

I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
Unexpected attachments are always discarded.
Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.
Post by Don Y
The phishing protection doesn't rely on filtering messages.
Rather, just not making URLs easy to access (or attachments
easy to open).
Folks who have any of my "non-public" email addresses are
treated like you would expect a trusted correspondent to be
treated. But, traffic on the "public" (published) accounts
is highly censored.
Don Y
2024-09-07 00:26:36 UTC
Permalink
Post by Edward Rawde
Post by Don Y
OTOH, if you are a WELCOMED caller, the phone actually *rings*.
Two of our phones only accept calls from the OTHER of our
phones (the numbers have never been "given out" to anyone
so an incoming call that is not from one of our phones is
obviously not something we want to receive). If you
deliberately fail to set up your voicemail, then these
calls just fall off into never-never-land.
Post by Edward Rawde
I don't bother filtering email except at the server level where some countries can't connect inbound at all.
Actually that's not quite true because at the server level I also have
https://rspamd.com/ which works well.
I let my MTAs handle spam detection. But, they can't determine if a
"please verify your email" message is warranted, or not. And, those
often contain a link to make it easier for you to invoke a browser
at the specific target URL.
Post by Edward Rawde
I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
Unexpected attachments are always discarded.
I regularly receive attachments from folks on my non-published accounts.
Often, just photos that they are using to illustrate something. Other
times, large chunks of code or documentation. Sometimes, EXEs (where
they want to illustrate the behavior of a piece of code and know that I
don't have access to their native RTOS to run a compiled binary for it).

The same applies in reverse. E.g., if I want to get an appraisal of
the differences in pronunciation for different algorithms, it's easier
to send them a WINDOWS binary and let *them* choose the words to compare.
This lets them also play with the characteristics of the *voice* (which
is different from the *pronunciation*) to accentuate any differences
they perceive -- based on their own hearing artifacts.

Of course, this all gets executed in a sandbox (belts-n-braces).
Post by Edward Rawde
Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.
Post by Don Y
The phishing protection doesn't rely on filtering messages.
Rather, just not making URLs easy to access (or attachments
easy to open).
Folks who have any of my "non-public" email addresses are
treated like you would expect a trusted correspondent to be
treated. But, traffic on the "public" (published) accounts
is highly censored.
Edward Rawde
2024-09-07 00:41:49 UTC
Permalink
Post by Don Y
Post by Edward Rawde
Post by Don Y
OTOH, if you are a WELCOMED caller, the phone actually *rings*.
Two of our phones only accept calls from the OTHER of our
phones (the numbers have never been "given out" to anyone
so an incoming call that is not from one of our phones is
obviously not something we want to receive). If you
deliberately fail to set up your voicemail, then these
calls just fall off into never-never-land.
Post by Edward Rawde
I don't bother filtering email except at the server level where some countries can't connect inbound at all.
Actually that's not quite true because at the server level I also have
https://rspamd.com/ which works well.
I let my MTAs handle spam detection. But, they can't determine if a
"please verify your email" message is warranted, or not. And, those
often contain a link to make it easier for you to invoke a browser
at the specific target URL.
Post by Edward Rawde
I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
Unexpected attachments are always discarded.
I regularly receive attachments from folks on my non-published accounts.
Often, just photos that they are using to illustrate something. Other
times, large chunks of code or documentation. Sometimes, EXEs (where
they want to illustrate the behavior of a piece of code and know that I
don't have access to their native RTOS to run a compiled binary for it).
I never allow an MTA to do anything with an exe other than discard it.
If I have a need to send an exe it goes in a zip which is made downloadable.
Post by Don Y
The same applies in reverse. E.g., if I want to get an appraisal of
the differences in pronunciation for different algorithms, it's easier
to send them a WINDOWS binary and let *them* choose the words to compare.
This lets them also play with the characteristics of the *voice* (which
is different from the *pronunciation*) to accentuate any differences
they perceive -- based on their own hearing artifacts.
Of course, this all gets executed in a sandbox (belts-n-braces).
Post by Edward Rawde
Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.
Post by Don Y
The phishing protection doesn't rely on filtering messages.
Rather, just not making URLs easy to access (or attachments
easy to open).
Folks who have any of my "non-public" email addresses are
treated like you would expect a trusted correspondent to be
treated. But, traffic on the "public" (published) accounts
is highly censored.
Joerg
2024-09-07 18:35:44 UTC
Permalink
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things?  Are users just lazy?  Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I am generally stunned how naive people can be. "But it came from a PG&E
address and had a PG&E link in there!" ... "There is a customer service
number on your paper statements. Did you call them about that past due
accusation?" ... "Ahm, well, no".

When it comes to politics and elections it's even worse. "But he had
such a nice smile!". Don't get me started ...
--
Regards, Joerg

http://www.analogconsultants.com/
Don Y
2024-09-07 22:18:19 UTC
Permalink
Post by Joerg
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things?  Are users just lazy?  Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I am generally stunned how naive people can be. "But it came from a PG&E
address and had a PG&E link in there!" ... "There is a customer service number
on your paper statements. Did you call them about that past due accusation?"
... "Ahm, well, no".
I see it more as laziness. They know there are ways to check
<whatever> but don't want to be "bothered" to do those things.

"Didn't you check up on the 'company' before committing to that $20,000
swimming pool he was eager to sell you?"

"But, he had a *truck* with the company's name on it!"

(Wow, imagine how hard that would be to accomplish! <rollseyes>)
Post by Joerg
When it comes to politics and elections it's even worse. "But he had such a
nice smile!". Don't get me started ...
I had *one* email slip through my (first version) of my filters.
It was to a "non-public" account that I use so had to pass *just*
my WhiteList (content is "trusted" from WhiteListed senders).

It was a solicitation for money for a "friend" -- who was
suspiciously not near his phone (yet ALWAYS sends mail FROM his
phone!). That, coupled with the ambiguous/impersonal plea
(e.g., not using my real name to address me) threw up flags.

The "Reply-To" address (something I hadn't checked in previous
filter designs, relying, instead, on the "From" address) cinched it:
Instead of "Ray" it was "RRay".

I replied: "Sure! I'll drop it off on my way out to shopping!"

Of course, this put the emailer in a bit of a panic as I would now
be in direct contact with the person he was impersonating and, as
such, could alert him to the ongoing scam.

Too late to prevent his ex-wife from sending $400 to "him"...

Maybe she will have learned her lesson?
Joerg
2024-09-09 20:58:35 UTC
Permalink
Post by Joerg
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things?  Are users just lazy?  Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I am generally stunned how naive people can be. "But it came from a
PG&E address and had a PG&E link in there!" ... "There is a customer
service number on your paper statements. Did you call them about that
past due accusation?" ... "Ahm, well, no".
I see it more as laziness.  They know there are ways to check
<whatever> but don't want to be "bothered" to do those things.
"Didn't you check up on the 'company' before committing to that $20,000
swimming pool he was eager to sell you?"
"But, he had a *truck* with the company's name on it!"
(Wow, imagine how hard that would be to accomplish!  <rollseyes>)
Post by Joerg
When it comes to politics and elections it's even worse. "But he had
such a nice smile!". Don't get me started ...
I had *one* email slip through my (first version) of my filters.
It was to a "non-public" account that I use so had to pass *just*
my WhiteList (content is "trusted" from WhiteListed senders).
It was a solicitation for money for a "friend" -- who was
suspiciously not near his phone (yet ALWAYS sends mail FROM his
phone!).  That, coupled with the ambiguous/impersonal plea
(e.g., not using my real name to address me) threw up flags.
The "Reply-To" address (something I hadn't checked in previous
Instead of "Ray" it was "RRay".
I replied:  "Sure!  I'll drop it off on my way out to shopping!"
Of course, this put the emailer in a bit of a panic as I would now
be in direct contact with the person he was impersonating and, as
such, could alert him to the ongoing scam.
Too late to prevent his ex-wife from sending $400 to "him"...
Maybe she will have learned her lesson?
Mine was a phone call. Heavy Indian accent, "This is the Windows
company. We would like to help you solve a problem we have detected with
your Windows"... me "Oh yeah, you are right, there are at least nine
windows here that really need cleaning. Do you use Windex for that?"
--
Regards, Joerg

http://www.analogconsultants.com/
Don Y
2024-09-09 21:41:30 UTC
Permalink
Post by Don Y
Too late to prevent his ex-wife from sending $400 to "him"...
Maybe she will have learned her lesson?
Mine was a phone call. Heavy Indian accent, "This is the Windows company. We
would like to help you solve a problem we have detected with your Windows"...
me "Oh yeah, you are right, there are at least nine windows here that really
need cleaning. Do you use Windex for that?"
We don't accept calls from "unknown" callers so don't have that problem.

Regardless, one would *think* that folks could use some common sense;
"How did this guy discover a problem with MY computer and know the
telephone number that would get him in touch with ME?"

We're really careful about giving out "personal" information, even to
friends, out of fear they will record it in some device that can be
compromised and used as a beachhead to access *us*.

"My birthdate? Oh, you MISSED it -- it was a few years ago. But,
that's OK; I wasn't expecting you to acknowledge it... Thanks
for the sentiment, though!"

[I use an assortment of random dates when queried by online services,
1/1/1980 being a favorite, for obvious reasons]
Joerg
2024-09-09 21:50:14 UTC
Permalink
Post by Don Y
Post by Joerg
Post by Don Y
Too late to prevent his ex-wife from sending $400 to "him"...
Maybe she will have learned her lesson?
Mine was a phone call. Heavy Indian accent, "This is the Windows
company. We would like to help you solve a problem we have detected
with your Windows"... me "Oh yeah, you are right, there are at least
nine windows here that really need cleaning. Do you use Windex for that?"
We don't accept calls from "unknown" callers so don't have that problem.
I don't either but I could not resist to pull that prank.
Post by Don Y
Regardless, one would *think* that folks could use some common sense;
"How did this guy discover a problem with MY computer and know the
telephone number that would get him in touch with ME?"
We're really careful about giving out "personal" information, even to
friends, out of fear they will record it in some device that can be
compromised and used as a beachhead to access *us*.
"My birthdate?  Oh, you MISSED it -- it was a few years ago.  But,
that's OK; I wasn't expecting you to acknowledge it...  Thanks
for the sentiment, though!"
[I use an assortment of random dates when queried by online services,
1/1/1980 being a favorite, for obvious reasons]
I never give them anything.
--
Regards, Joerg

http://www.analogconsultants.com/
Don Y
2024-09-09 23:31:21 UTC
Permalink
Post by Joerg
Post by Don Y
Post by Don Y
Too late to prevent his ex-wife from sending $400 to "him"...
Maybe she will have learned her lesson?
Mine was a phone call. Heavy Indian accent, "This is the Windows company. We
would like to help you solve a problem we have detected with your
Windows"... me "Oh yeah, you are right, there are at least nine windows here
that really need cleaning. Do you use Windex for that?"
We don't accept calls from "unknown" callers so don't have that problem.
I don't either but I could not resist to pull that prank.
Our phone simply doesn't ring so there is no "missed opportunity".
(why would I want the phone to annoy me if I'm not going to answer it?)
Post by Joerg
Post by Don Y
Regardless, one would *think* that folks could use some common sense;
"How did this guy discover a problem with MY computer and know the
telephone number that would get him in touch with ME?"
We're really careful about giving out "personal" information, even to
friends, out of fear they will record it in some device that can be
compromised and used as a beachhead to access *us*.
"My birthdate?  Oh, you MISSED it -- it was a few years ago.  But,
that's OK; I wasn't expecting you to acknowledge it...  Thanks
for the sentiment, though!"
[I use an assortment of random dates when queried by online services,
1/1/1980 being a favorite, for obvious reasons]
I never give them anything.
Many sites require a "valid date" to complete the "registration"
process. Some will make the argument that they need "assurance"
that you are of age to be able to enter into a legal relationship.
Others, to ensure you aren't a "minor". (Amusing to think that
they assume folks will be truthful in their answers and that
simply *asking* the question constitutes "due diligence")

We are also cautious about how to answer "security questions"
(which can also leak information).

"What was the name of your first pet?"
2334 B X Z (a common name, no?)

And, never give out a phone number for 2FA.

Of course, it means you have to keep careful track of your LIES... :>
ehsjr
2024-09-09 22:30:49 UTC
Permalink
Post by Joerg
Post by Joerg
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things?  Are users just lazy?  Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I am generally stunned how naive people can be. "But it came from a
PG&E address and had a PG&E link in there!" ... "There is a customer
service number on your paper statements. Did you call them about that
past due accusation?" ... "Ahm, well, no".
I see it more as laziness.  They know there are ways to check
<whatever> but don't want to be "bothered" to do those things.
"Didn't you check up on the 'company' before committing to that $20,000
swimming pool he was eager to sell you?"
"But, he had a *truck* with the company's name on it!"
(Wow, imagine how hard that would be to accomplish!  <rollseyes>)
Post by Joerg
When it comes to politics and elections it's even worse. "But he had
such a nice smile!". Don't get me started ...
I had *one* email slip through my (first version) of my filters.
It was to a "non-public" account that I use so had to pass *just*
my WhiteList (content is "trusted" from WhiteListed senders).
It was a solicitation for money for a "friend" -- who was
suspiciously not near his phone (yet ALWAYS sends mail FROM his
phone!).  That, coupled with the ambiguous/impersonal plea
(e.g., not using my real name to address me) threw up flags.
The "Reply-To" address (something I hadn't checked in previous
Instead of "Ray" it was "RRay".
I replied:  "Sure!  I'll drop it off on my way out to shopping!"
Of course, this put the emailer in a bit of a panic as I would now
be in direct contact with the person he was impersonating and, as
such, could alert him to the ongoing scam.
Too late to prevent his ex-wife from sending $400 to "him"...
Maybe she will have learned her lesson?
Mine was a phone call. Heavy Indian accent, "This is the Windows
company. We would like to help you solve a problem we have detected with
your Windows"... me "Oh yeah, you are right, there are at least nine
windows here that really need cleaning. Do you use Windex for that?"
:-)
john larkin
2024-09-08 00:04:16 UTC
Permalink
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I've noticed that I get very little spam or phishing on Saturday or
Sunday. Do bots get the weekend off?
Jasen Betts
2024-09-09 05:01:07 UTC
Permalink
Post by john larkin
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I've noticed that I get very little spam or phishing on Saturday or
Sunday. Do bots get the weekend off?
no, that is when they concentrate on compromising servers.
--
Jasen.
🇺🇦 Слава Україні
Joerg
2024-09-09 21:50:58 UTC
Permalink
Post by john larkin
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I've noticed that I get very little spam or phishing on Saturday or
Sunday. Do bots get the weekend off?
Only the unionized bots do.
--
Regards, Joerg

http://www.analogconsultants.com/
john larkin
2024-09-09 23:08:30 UTC
Permalink
Post by Joerg
Post by john larkin
Post by Don Y
I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
So, how is it that folks (organizations) are so often deceived
by these things? Are users just lazy? Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
Or, will the stupidity of users adapt, accordingly?
I've noticed that I get very little spam or phishing on Saturday or
Sunday. Do bots get the weekend off?
Only the unionized bots do.
Oh. Thanks.
Loading...