Re: [Asrg] who gets the report, was We really don't need
2010-02-09 05:58:13
--On 8 February 2010 09:46:38 -0800 Steve Atkins <steve(_at_)blighty(_dot_)com> wrote:

> On Feb 8, 2010, at 9:44 AM, Bart Schaefer wrote:
>
>> On Feb 8, 3:33pm, John Levine wrote:
>> }
>> } If a spammer wants to confirm receipt, which very few of them do,
>> } he uses web bugs. I suppose info about the MUA might be marginally
>> } useful, but if I were a spammer and knew that a recipient was
>> } sufficiently annoyed to press the spam button, I'd take them off the
>> } list. I still have millions of other people to mail to, after all.
>>
>> And what if you were not a spammer, but a phisher?
>
> Much the same, as someone who knows that
> the mail I'm sending is bogus is not an interesting phish target (heck,
> someone who has a TiS button and isn't afraid to use it isn't
> an interesting phish target).

I've seen one case where a phishing target responded to the message saying
"but you keep telling me not to share my password". The phisher responded
saying "yes, usually we do that, but in this case we really need it". The
target gave up her password after a couple more exchanges. The phisher
worked really hard to get that account, which was then used to send more
phish.

I see a similar scenario like this: target hits TiS button; report goes to
phisher; phisher replies saying, "no honestly we really need this
information" in a message that's even more convincing because it's pulled
additional information from the report (like the user's real name from the
"From" header, and job title from a sig); target yields password.

> Cheers,
> Steve
> _______________________________________________
> Asrg mailing list
> Asrg(_at_)irtf(_dot_)org
> http://www.irtf.org/mailman/listinfo/asrg

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/