Archive for the ‘Phish’ Category

I’ve been getting a flood of phishing attempts, supposedly for a “failed ACH payment”.  In fact, there are times when, in the time it takes me to delete the ones that made it past my filters and into my inbox, a dozen more show up.  Out of curiosity, I checked my spam filter, and found this:

Continue reading ‘Spammers are nothing if not persistent’ »

We’ve all seen those phishing e-mails, trying to steal your login information for banks, credit cards, and what-not. They all start “something bad happened, and if you don’t ‘confirm’ your identity within 72 hours, we’re going to delete your account”. So, when an e-mail with the subject “SourceForge.net passwords reset” hit my inbox the other day, I was a bit suspicious.

However, what followed did not look like your typical phishing scheme. In fact, it was a real e-mail from SourceForge.net.  Here’s the main part of the e-mail, along with my thoughts on what they did “right”.  (As well as what they could have done “better”.)

Hello,

We recently experienced a directed attack on SourceForge infrastructure
(http://sourceforge.net/blog/sourceforge-net-attack/) and so we are
resetting all passwords in the sf.net database -- just in case.  We're
e-mailing all sf.net registered account holders to let you know about this
change to your account.

So far, it’s not much different than all those phishing e-mails we’ve seen. (Well, except for the use of proper English grammar and spelling, that is.) But, it continues… Continue reading ‘SourceForge.net does it right’ »

What’ s the best anti-phishing tool? According to a recent “Ask Leo” article, the answer is “you”. And I heartily agree.

Phishing is interesting, and difficult to protect against.

But I do have a strong recommendation for the absolute best anti-phishing tool.

You

You are the best anti-phishing tool. In fact, in some cases you are the only possible anti-phishing tool.

Click here to read the rest of his article.