Phishing Defenses

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715401

    Comments posted to this topic are about the item Phishing Defenses

  • roger.plowman

    SSChampion

    Points: 10140

    As with all things, it's a double-edged sword.

    While I would never disdain backups for protecting data, the backup itself introduces more attack surface, and potentially an unguarded one, or at least one that isn't normally given much thought.

    Typically, there are multiple backups, previous versions, if you will. If the last one's corrupted, fall back to the one before, and so on.

    Solid strategy, but a backup is still a copy of the data. While your database might bristle with all manner of defenses, some of them active and aggressive, how many defenses does your backup have?

     

  • Eric M Russell

    SSC Guru

    Points: 125010

    It seems to me that, if you can train employees how to spot a phishing email, then an anti-malware scanning product can also identify phishing emails, even if an email only contains a link or request for information instead of an attachment. Ideally an organization can prevent these emails from landing in email boxes in the first place.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • jay-h

    SSCoach

    Points: 18808

    "anti-malware scanning product can also identify phishing emails"

    This is already being done. There are things a system would spot, and there are things that a human would spot. The two together is better. (humorous side point: my Verizon personal email flagged a Verizon ad as junk mail.)

     

    A word of caution about personal exposure. Targeted phishing now involves searching sites like LinkedIn for clues to make their emails more believable. (Some are also using them for other nefarious purposes: Immigration Service employees have been doxed for harassment based on their LinkedIn profiles.)

     

     

    ...

    -- FORTRAN manual for Xerox Computers --

  • Eric M Russell

    SSC Guru

    Points: 125010

    An ad campaign email may be flagged as junk if enough users

    jay-h wrote:

    ...

    This is already being done. There are things a system would spot, and there are things that a human would spot. The two together is better. (humorous side point: my Verizon personal email flagged a Verizon ad as junk mail.)

    ... 

    I guess if enough users manually flag an advert email as junk, then it gets categorized as junk automatically.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 715401

    Eric M Russell wrote:

    An ad campaign email may be flagged as junk if enough users

    I guess if enough users manually flag an advert email as junk, then it gets categorized as junk automatically.

    This is true. Many SPAM systems rely on users determining something is SPAM. However, until it's auto classified, those that are doing the classifying, or receiving the notes, are very vulnerable.
