
SANS ISC InfoSec Forums

Cyber Security Awareness Month - Day 3 - Recognizing phishing and online scams

On day 3 of Cyber Security Awareness Month 2010 the topic is recognizing phishing and online scams, which raises an interesting question. Would phishers still bother if no one clicked and freely entered their credit card and personal information? Would 419 scammers bother if no one responded to their messages? There is a profit motive behind the miscreants' actions, so if the returns diminished, or if prosecution became a real possibility, would we continue to see so many of their emails and web sites? Philosophical questions aside, in order to reduce the harm done by scammers and phishers, the people receiving the bait need to be able to recognize the messages for what they are and not respond or click.

Don't click or respond if any of the following apply:

  • It sounds too good to be true. If it does, it is.
  • The message does not appear authentic. If it doesn't, it probably isn't.
  • The content of the message turns up in search engine results. Search for a distinctive sentence from the message before acting on it; if others have already reported it as a scam, you have your answer.
  • Hovering your mouse over a link makes your browser or security software silently scream at you: the address shown in the status bar is not the one the link text claims.
  • The message contains silly typos, formatting, or grammatical errors that a professional would not make.
  • The message asks you to send your information to them, rather than the other way around.
  • You don't have an account with the company supposedly sending the email!

Here are some useful links:

  • http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx
  • http://www.us-cert.gov/reading_room/emailscams_0905.pdf
  • http://www.gongol.com/howto/recognizephishing/
  • http://www.surfnetkids.com/safety/how_to_recognize_phishing-21760.htm

This is just a start; please send in your suggestions on ways to avoid falling for scammers by recognizing the signs.

Update: Leigh sent in the following quiz to assist in detecting phishing/scams:

http://www.ballarat.edu.au/aasp/is/ict/security/security_challenge.shtml

Cheers,
Adrien de Beaupré
EWA-Canada.com

If the person is capable of even a rudimentary understanding of email source, there are a few things they can be taught, like making sure the email does come from the company claiming to have sent it, and not some home user or .ru or .cn domain, for example. Also check the links in the email to see if they really point where they claim. That isn't necessarily that hard. And if it is base64 encoded, just delete it.

Which gets to one of my pet peeves with Microsoft and Apple - no easy way to view source, and no way at all WITHOUT opening the email first. (Expose myself to any exploit just so I can check for exploits. Great.)
I use Thunderbird because of this. To me "View source" is one of the biggest security tools available, and it just isn't available enough.
(Outlook Express had this ability, but it was taken out of Outlook.)
Anonymous
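As an added example (not code from the diary or from the commenter above), the following Python script mechanizes the checks the list and the first comment describe: does the From domain belong to the company the mail claims to be from, does each link point where its visible text says it does (the "hover over the link" test), is a link a bare IP address, and is the HTML body base64-encoded. The two messages are constructed for illustration; examplebank.com, login-examplebank.ru and 203.0.113.5 are made-up or documentation values, and the caller supplies the domain the mail claims to come from, since the headers themselves cannot be trusted. The base64 condition is reported as a finding rather than acted on, and the registered-domain helper is deliberately naive (last two labels), so it would misjudge co.uk style names.

```python
import base64
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for this example (not real phishing mail).
# Lure: display name says "Example Bank", address is a .ru look-alike, body is base64.
_PHISH_HTML = """<html><body><p>Dear customer, your account will be suspended.</p>
<p>Please visit <a href="http://203.0.113.5/verify">https://www.examplebank.com/login</a> now.</p>
<p>Questions? See <a href="https://www.examplebank.com/help">our help page</a>.</p>
</body></html>"""
PHISH_EMAIL = (
    'From: "Example Bank Security" <alerts@login-examplebank.ru>\n'
    "To: victim@example.com\n"
    "Subject: Urgent: verify your account\n"
    "Content-Type: text/html; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.encodebytes(_PHISH_HTML.encode()).decode()
)
# What a genuine notice from the same (made-up) bank might look like.
LEGIT_EMAIL = (
    'From: "Example Bank" <alerts@examplebank.com>\n'
    "To: customer@example.com\nSubject: Your statement is ready\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<html><body><p>Log in at <a href="https://www.examplebank.com/">'
    "https://www.examplebank.com/</a> to view it.</p></body></html>\n"
)

_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# Link text that itself looks like a URL or hostname.
_URLISH_RE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def _registered(host):
    # Naive: last two labels. Wrong for ccSLDs such as co.uk, good enough here.
    parts = host.rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def analyze(raw_message, claimed_domain):
    """Return findings for a raw message; claimed_domain is the domain of the
    company the mail says it is from (the mail's own headers cannot be trusted)."""
    msg = message_from_string(raw_message)
    claimed = claimed_domain.lower()
    findings = []
    # 1. Does the From address really belong to the claimed company?
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != claimed and not from_domain.endswith("." + claimed):
        findings.append(f"From domain {from_domain!r} is not {claimed!r}")
    # 2. Pull every link out of the HTML part(s), noting base64 encoding on the way.
    collector = _LinkCollector()
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        if part.get("Content-Transfer-Encoding", "").lower() == "base64":
            findings.append("HTML body is base64-encoded")
        payload = part.get_payload(decode=True) or b""
        collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    # 3. Does each link point where its text (or the sender) claims?
    for href, text in collector.links:
        href_host = _host(href)
        if _IP_RE.match(href_host):
            findings.append(f"link points at a bare IP address: {href}")
        if _URLISH_RE.match(text):
            if _registered(_host(text)) != _registered(href_host):
                findings.append(f"link text says {_host(text)!r} but points to {href_host!r}")
        elif href_host and _registered(href_host) != claimed:
            findings.append(f"link to unrelated host {href_host!r}: {href}")
    return findings

if __name__ == "__main__":
    for name, mail in (("phish", PHISH_EMAIL), ("legit", LEGIT_EMAIL)):
        print(name, analyze(mail, "examplebank.com") or ["no findings"])
```

Run stand-alone it reports four findings for the lure (foreign From domain, base64 body, bare-IP link, link text that disagrees with its target) and none for the genuine notice. The script only automates what a careful reader does by hand; it does not replace the "do I even have an account there" question, which no parser can answer.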
Have people view emails as Plain Text. Most of the scams/malicious ones are clearly obvious when not viewing HTML - plus many actions are simply prevented. Provide clients a simple way to switch between Plain Text (the default) and HTML. This is trivial with Thunderbird.
Rastech

Tell them that the sender's E-Mail address can easily be faked, so do not rely upon it, especially when you get an unexpected E-Mail from a _known_ person asking you to follow a link or to open an attachment.
Rastech
Check the hosts file for entries other than 127.0.0.1 or lines beginning with an octothorpe (#). Tell them in which directory it is.

=> pharming
Rastech
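An added example, not from the comment above: a small Python checker for the hosts file the commenter refers to. It knows where the file lives on Windows and on Unix-like systems, strips full-line and trailing comments, and reports every hostname mapped to something other than the machine itself (loopback), the 0.0.0.0 blackhole that ad blockers use, or the stock IPv6 multicast aliases. The sample contents are constructed; fileserver.corp.example and the bank entry are made up, and 203.0.113.7 is a documentation address. A legitimate intranet pin is reported too, which is the point: the user should be able to account for every entry that is left.

```python
import ipaddress
import os
import platform
from pathlib import Path

def hosts_file_path():
    """Where the resolver's hosts file lives on the running platform."""
    if platform.system() == "Windows":
        return Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32" / "drivers" / "etc" / "hosts"
    return Path("/etc/hosts")   # Linux, macOS and the other Unix-likes

# Constructed sample contents (not a real hosts file). The last two lines are the
# kind of thing a user must be able to account for: an intranet server pinned on
# purpose, and a bank name redirected to an attacker's address (pharming).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
ff02::1         ip6-allnodes
0.0.0.0         ads.example.net                # ad-blocker blackhole
192.168.1.10    fileserver.corp.example        # intranet host, pinned on purpose
203.0.113.7     www.examplebank.com examplebank.com
"""

def parse_hosts(text):
    """Return (line_number, address, [hostnames]) for every effective entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # a comment may follow an entry
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                       # malformed; the resolver ignores it too
            continue
        entries.append((lineno, fields[0], fields[1:]))
    return entries

def suspicious_entries(text):
    """Entries that send a hostname somewhere other than the local machine."""
    findings = []
    for lineno, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((lineno, addr_text, names, "not a valid IP address"))
            continue
        # 127.0.0.0/8 and ::1 are the machine itself; 0.0.0.0 is the usual
        # ad-blocker blackhole; ff00::/8 multicast covers stock aliases like ff02::1.
        if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
            continue
        findings.append((lineno, str(addr), names, "hostname pinned to a remote address"))
    return findings

def check_local_hosts():
    """Run the check against this machine's own hosts file."""
    path = hosts_file_path()
    return suspicious_entries(path.read_text(encoding="utf-8", errors="replace"))

if __name__ == "__main__":
    print("hosts file:", hosts_file_path())
    for lineno, addr, names, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {addr} -> {' '.join(names)}  ({why})")
```

Against the sample it reports lines 6 and 7 only; call check_local_hosts() to run the same check on the real file (reading it may need elevated rights on Windows, and editing it always does).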
