Re: Phishing

On 9/7/24 3:18 PM, Don Y wrote:

On 9/7/2024 11:35 AM, Joerg wrote:

On 9/5/24 12:11 PM, Don Y wrote:

I'm checking my "deflected" incoming mail to see if anything that
*should* have been allowed through was mistakenly diverted
(false positive).
>
I see a fair number of phishing attempts on my "public" accounts.
But, all are trivially identified as such.
>
So, how is it that folks (organizations) are so often deceived
by these things?  Are users just lazy?  Would it be more helpful
to have mail clients make it HARDER to activate an embedded
URL or "potentially compromised" attachment?
>
Or, will the stupidity of users adapt, accordingly?

>
I am generally stunned how naive people can be. "But it came from a PG&E address and had a PG&E link in there!" ... "There is a customer service number on your paper statements. Did you call them about that past due accusation?" ... "Ahm, well, no".

 I see it more as laziness.  They know there are ways to check
<whatever> but don't want to be "bothered" to do those things.
 "Didn't you check up on the 'company' before committing to that $20,000
swimming pool he was eager to sell you?"
 "But, he had a *truck* with the company's name on it!"
 (Wow, imagine how hard that would be to accomplish!  <rollseyes>)
 

When it comes to politics and elections it's even worse. "But he had such a nice smile!". Don't get me started ...

 I had *one* email slip through my (first version) of my filters.
It was to a "non-public" account that I use so had to pass *just*
my WhiteList (content is "trusted" from WhiteListed senders).
 It was a solicitation for money for a "friend" -- who was
suspiciously not near his phone (yet ALWAYS sends mail FROM his
phone!).  That, coupled with the ambiguous/impersonal plea
(e.g., not using my real name to address me) threw up flags.
 The "Reply-To" address (something I hadn't checked in previous
filter designs, relying, instead, on the "From" address) cinched it:
Instead of "Ray" it was "RRay".
 I replied:  "Sure!  I'll drop it off on my way out to shopping!"
 Of course, this put the emailer in a bit of a panic as I would now
be in direct contact with the person he was impersonating and, as
such, could alert him to the ongoing scam.
 Too late to prevent his ex-wife from sending $400 to "him"...
 Maybe she will have learned her lesson?
 

Mine was a phone call. Heavy Indian accent, "This is the Windows company. We would like to help you solve a problem we have detected with your Windows"... me "Oh yeah, you are right, there are at least nine windows here that really need cleaning. Do you use Windex for that?"
--
Regards, Joerg
http://www.analogconsultants.com/