@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

@dashrender said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@pete-s said in Whack a mole: Dealing with Spam/Phishing:

@gjacobse said in Whack a mole: Dealing with Spam/Phishing:

@scottalanmiller said in Whack a mole: Dealing with Spam/Phishing:

The problem is the process... why would someone be reporting spam and why is someone blocking it? That doesn't make sense. Get a good spam filter, configure, train people how to delete, done

"But this is the way we (they) have always done it... "

You mean they are "reporting" as in actually reporting it to someone? And not by marking it as spam in the email client?

Yeah, that doesn't make any sense. Far too time consuming.

Outlook Toolbar.. Reporting
d4517c20-ac54-44fd-a195-1b6ef87caf87-image.png

OK, but that just ends up sending an alert email to the designated phishing mail contact, which is IT right?

It would have made more sense if those emails had been forwarded to Trend Micro automatically and their adaptive algorithm would have learned how to detect them.

Right now Trend Micro doesn't have a clue what emails their user are classifying as spam or phishing attempts. Because that happens way after the email has passed through their gateway.

That's interesting.

With Appriver - we forward emails to [email protected] and appriver deals with it. Other than constantly reminding people that's where the report needs to go - I don't really deal with it.

Thought as Scott mentioned - so much spam is a once and done situation - so reporting it is often pointless.

That's not a bad process. But still a bit more than just "mark as spam" which is really simple.

oh, that most definitely is. and it's an option we have in O365.... but we now have two layers of spam filtering - appriver and MS...

So people have to report to O365 AND AppRIver? Do they really catch enough different to justify filtering twice?

no, they don't - and likely they aren't. I've shown nearly no one how to report to MS - so that's the one that's skipped. Everyone has been told about forwarding email to spam@appriver - and yes, it's more work than just right click - mark as spam, but not so much so that people don't do it.

Why report to that one when O365 is the important one and the one that's like 10x more likely to be permanent instead of being clearly in the "should be removed" category? Less work, better results, less long term risk.

Time, the old process is already in place. It's just a matter of informing people at this point - it just hasn't happened yet.

@dashrender said in Webroot status:

I have one client (well, x-client now) that just moved away from it because the new owners used something else, but up to the beginning of June, they were on it with no issues.

Unless "paying for something that has a negative impact on them" is an issue. To a business, that is always an issue. It's a "loss event" just like any other, similar to a small outage or dataloss. It's a business mistake that causes measurable lost revenue and puts other revenue at risk. So while a hobby could classify it as "not having any issue", no actual business can.

@BraswellJay said in Email phishing attempt against one of our vendors was successful ...:

Enough to sting but not crippling to us or the vendor involved.

Thankfully!

@manxam said in Phishing testing / awareness / training suggestions?:

MSPs can only purchase Platinum or Diamond I was told, and at a minimum of 101 seats @ MSRP -20%. So, a minimum spend of $2400 CDN for us and $3000 for the customer for their "recommended" tier (platinum).

Does the old adage apply here? "Gotta pay to play"...?

Well if you are approaching as an MSP, this is to be expected. You are assumed to be reselling the service. This is the only thing they allow to be resold.

You as the MSP buy 101 licenses and resell 10 each to a few clients at MSRP -5%.

Thanks a lot I'll read that soon.

If you ever need to report a Microsoft partner for ethics breaches, you can email [email protected]

@coliver said in Smart Phishing Spams worrying me:

This is called spear phishing or targeted phishing. There isn't much you can do about it from a technical perspective. Train your users is about the only option.

That's really the case. The thing about spear phishing is that it is all but impossible to conidently detect unless you are the human recipient and can verify the details in some other manner.

There is a blacklist that all CA's have on high dollar domain names to prevent major fraud. LE cannot issue for something.microsoft.com or something.bestbuy.com for example.

But the sub domain names used in these PayPal examples are all outside of that. They are all on valid (ish) TLD.

@dafyre said in Actual Malicious LinkedIn Emails:

@ChrisL said in Actual Malicious LinkedIn Emails:

@dafyre said in Actual Malicious LinkedIn Emails:

@ChrisL said in Actual Malicious LinkedIn Emails:

I would always hope that someone isn't naive enough to think that a major financial institution with their contact info on hand would reach out to them through LinkedIn.

Buuuuuut, I've been wrong before.

Nah... Why would they do that, when they could impersonate a family friend and try to tell me that I won 150k from a non-existent government agency.

Congratulations!

Can I give them your bank account numbers? We can split the winnings.

I was afraid you'd never ask.

Very cool, looks like a good tool.

@stacksofplates said in OWA is vulnerable to Phishing:

@scottalanmiller said in OWA is vulnerable to Phishing:

@aidan_walsh said in OWA is vulnerable to Phishing:

@Breffni-Potter said in OWA is vulnerable to Phishing:

Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?

Same again for the banking website.

Thats exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.

And yet...

Partially that's because real banks have done that traditionally.

Like AMEX. I needed a password reset and they asked all of the info on my card, other than my name and expiration.

Yeah, it definitely still happens. And I've had huge security gaps that I've told a bank was not secure and they didn't care. I said... I literally have no means to tell if you are really my bank or not and they are just like "so, we don't care."

Tagging @stus

@Reid-Cooper somebody once said... "bow ties are cool"