I’ve been getting a flood of phishing attempts, supposedly for a “failed ACH payment”. In fact, there are times when, in the time it takes me to delete the ones that made it past my filters and into my inbox, a dozen more show up. Out of curiosity, I checked my spam filter, and found this:
Archive for the ‘e-mail’ Category
We’ve all seen those phishing e-mails, trying to steal your login information for banks, credit cards, and what-not. They all start “something bad happened, and if you don’t ‘confirm’ your identity within 72 hours, we’re going to delete your account”. So, when an e-mail with the subject “SourceForge.net passwords reset” hit my inbox the other day, I was a bit suspicious.
However, what followed did not look like your typical phishing scheme. In fact, it was a real e-mail from SourceForge.net. Here’s the main part of the e-mail, along with my thoughts on what they did “right”. (As well as what they could have done “better”.)
Hello, We recently experienced a directed attack on SourceForge infrastructure (http://sourceforge.net/blog/sourceforge-net-attack/) and so we are resetting all passwords in the sf.net database -- just in case. We're e-mailing all sf.net registered account holders to let you know about this change to your account.
So far, it’s not much different than all those phishing e-mails we’ve seen. (Well, except for the use of proper English grammar and spelling, that is.) But, it continues… Continue reading ‘SourceForge.net does it right’ »
What’ s the best anti-phishing tool? According to a recent “Ask Leo” article, the answer is “you”. And I heartily agree.
Phishing is interesting, and difficult to protect against.
But I do have a strong recommendation for the absolute best anti-phishing tool.
You are the best anti-phishing tool. In fact, in some cases you are the only possible anti-phishing tool.
Click here to read the rest of his article.
In the never-ending fight against spam, we all (hopefully) have some sort of filtering on our inboxes. In the attempt to let less and less spam through, there are the inevitable casualties called “false positives” — legitimate e-mail that our filters treat as spam. One way to help minimize those false positives is called “whitelisting”. Any e-mail that comes from a whitelisted address will be let through without any further checks. This helps assure that important e-mails make it through, and many newsletters that you can subscribe to will tell you the address that the mailings will come from, and suggest that you whitelist that address.
Now, many people often send themselves a copy of important e-mails that they send to others, so they have their own copy in their inbox. And, to prevent such e-mails from possibly hitting their spam traps, they whitelist their own address. While this sounds like a good idea on the surface, it’s actually a bad idea in today’s spam-filled era.