Discussion:
Phishing
Paul D. Robertson
2013-04-10 21:52:15 UTC
Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar
J. Craig
2013-04-10 22:45:06 UTC
Proofpoint has a URL rewriting option which has been extremely useful. Not
sure of other solutions.

-jc
_______________________________________________
firewall-wizards mailing list
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Dave Piscitello
2013-04-11 07:51:20 UTC
If you mean training, try phishme.com
Dotzero
2013-04-10 22:56:46 UTC
Training is useful as long as it is appropriate training that the
enduser can reasonably implement.

As far as blocking Facebook/LinkedIn, I don't believe it is a
particularly useful approach. I prefer to educate endusers on ways to
mitigate risks.

An example of this is to never click on purported LinkedIn emails.
Delete them and log into the site to check the message. Another
example is to never accept an invitation to link from someone you
don't know unless someone you know vouches for them. Taking these
sorts of steps significantly reduces potential risks.

I do recommend applying SPF/DKIM/DMARC validation to inbound mail
streams. ISPs and mailbox providers such as Gmail, Yahoo! and AOL are
ahead of enterprises in doing this. Inbound email authentication
validation adds a layer of protection to protect your users and
organization. If you have a brand/domain at risk it is useful to
implement on the sending side to help protect your customers, partners
and vendors.

Reporting malicious URLs and redirectors that arrive in your inbox(s)
or traps to APWG is useful as is reporting them to the abuse contact
in whois or to the upstream provider.

A good practice is to also implement BCP38 outbound filtering. It
protects your reputation and ultimately helps everyone else from abuse
emanating from your network.

Just a few thoughts,

Mike
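The inbound SPF/DKIM/DMARC validation recommended in the post above, as an added example that is not part of the original thread: it shows why a message can pass SPF and DKIM and still fail DMARC when neither authenticated domain aligns with the visible From: domain. The `Message` container, the function names and all sample domains are constructed for illustration, and the two-label organizational-domain shortcut is an assumption.

```python
from dataclasses import dataclass

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into tags, with relaxed alignment as default."""
    tags = {"adkim": "r", "aspf": "r"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels. Production
    # code needs the Public Suffix List (this is wrong for example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

@dataclass
class Message:              # hypothetical container for one message's verdicts
    header_from: str        # domain in the From: header the user sees
    spf_result: str         # SPF verdict for the envelope sender
    spf_domain: str         # MAIL FROM domain that SPF checked
    dkim_result: str        # verdict for the DKIM signature
    dkim_domain: str        # d= domain of that signature

def dmarc_disposition(msg: Message, record: str) -> str:
    tags = parse_dmarc(record)
    spf_ok = msg.spf_result == "pass" and aligned(
        msg.spf_domain, msg.header_from, tags["aspf"])
    dkim_ok = msg.dkim_result == "pass" and aligned(
        msg.dkim_domain, msg.header_from, tags["adkim"])
    if spf_ok or dkim_ok:
        return "deliver"
    actions = {"quarantine": "quarantine", "reject": "reject"}
    return actions.get(tags["p"], "deliver-and-report")  # p=none: report only

# Constructed samples: the policy a sender might publish and three messages.
POLICY = "v=DMARC1; p=reject; adkim=s; aspf=r"
SPOOFED = Message("example.com", "pass", "example.net", "pass", "example.net")
LEGIT = Message("example.com", "pass", "bounce.example.com", "fail", "example.com")
FORWARDED = Message("example.com", "fail", "example.org", "pass", "example.com")
```

`SPOOFED` authenticates cleanly as example.net yet is rejected because it claims example.com in From:, which is the case SPF or DKIM checks alone do not catch.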
Paul D. Robertson
2013-04-11 09:38:07 UTC
I've had friends tell me that they've never failed using fake LinkedIn accounts when performing pen tests- I'm not sure how valuable training is, but I'm reasonably confident it and Facebook are the top two common vectors.

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar
Mathew Want
2013-04-12 06:49:03 UTC
Last time they sent out a warning email here along the lines of:

<warning_email>
We never ask for your username and password. If you get an email that looks
like:

"There is an issue with your account. Please reply with your username and
password and we will rectify it"

You should never reply to these messages with your details.
</warning_email>

50 people replied with their usernames and passwords. As much as user
education should be the answer, you can't put brains in pumpkins and you can
patch stoopid.

*sigh*. Looks like the only real answer is to have your systems set up in
such a way that when there is a compromise from this type of thing, they
can't do any damage or it is at least restricted. This is starting to sound
like a song we have sung before.....

Have a pleasant weekend all!

M@
--
"Some things are eternal by nature,
others by consequence"
Kurt Buff
2013-04-11 00:36:33 UTC
Post by Paul D. Robertson
Outside of constant training and blocking Facebook/LinkedIn does anyone have any good pointers or tools for phishing/spear phishing threats?
Paul
I believe that several AV vendors are selling products/services with
sandbox VMs that test attachments on emails for behavioral
characteristics, as well as follow links and test those.

Barracuda and GFI for sure, and I would believe that there are others as well.

Would also have to believe that similar technology is available for
web browsing.

Kurt
Michael D. Wood
2013-04-11 01:18:49 UTC
Awareness and training, IMHO, are the best way to combat phishing/spear phishing
attacks. There's no good rule of thumb when it comes to social engineering
attacks, except making sure users are aware and know what to look for. ;)

http://www.us-cert.gov/ncas/tips/ST04-014


--
Michael D. Wood
www.itsecuritypros.org

stunder
2013-04-10 22:55:38 UTC
I am not sure if they specialize in spear phishing when it comes to
Facebook/LinkedIn but FireEye monitors incoming emails into your company
looking for attempts over your emails.


Eric

sends