North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: ISP phishing
- From: Robert Boyle
- Date: Tue Jun 28 19:34:26 2005
At 05:17 PM 6/28/2005, Mark Tombaugh wrote:
On Thu, 2005-06-23 at 09:54 -0400, Robert Boyle wrote:
> we enabled a global rule which blocks
> any email from accounts such as billing, root, postmaster, antivirus,
> abuse, security, etc. which don't originate from our management IP space
> where our people work. As a result, we have stopped these phishing scams
> for our users dead in their tracks.
You sound so sure about that... Am I missing something?
From: E-gold Safeharbor Department <firstname.lastname@example.org>
Subject: Attention! Your account has been violated!
From: "SOUTHTRUST" <email@example.com>
Subject: SouthTrust Bank: important account notification
We have stopped the phishing which looks like it is from
us(tellurian.net/tellurian.com/garden.net). Not from "their" bank, paypal,
ebay, credit card companies, etc. Our main concern was with messages which
looked like they were from firstname.lastname@example.org telling people there was a
problem with their email and they have to run this file or a problem with
their account payment from email@example.com and the details were in
the attached file. To the novice user, it may look legitimate since we are
their ISP and with that comes a certain amount of trust - despite the fact
that we would never send files to our customers and tell them to run them.
However, the spoofed messages from us have completely stopped now. The
regular phishing scams continue, but SPF does help with this if the
customers have turned it on for their account. Unfortunately, the customers
smart enough to turn it on usually won't be suckered by phishing scams in
the first place.
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin