Timing is Everything

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 716562

    Comments posted to this topic are about the item Timing is Everything

  • roger.plowman

    SSChampion

    Points: 10173

    Who in their right mind makes an employee account privileged? User accounts should NEVER have privileges sufficient to do DBA or system administrator work, that is what admin accounts are *for*.

    Even if you are primarily a DBA or administrator you should still have 2 accounts, one for admin work and one for user stuff like email etc.

    Growl (no caffeine yet)

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 716562

    In small companies, plenty of people have privileged accounts. In large companies, this often happens when various groups/departments set up their own servers. I've found more than a few engineers with admin privileges on boxes under desks that were running something important.

    Even in many large companies, plenty of people have 2 accounts, and use runas, but that wouldn't help here. You really need email contained in a VM/container these days, which isn't the norm.

  • Rod at work

    SSC-Dedicated

    Points: 33152

    The large state government agency I work for is often under phishing attacks as well as other penetration attacks. We've got a good security team (kudos to them!) who work hard at defending us as well as educating us. As they are alerted to new phishing attempts against us, the security team takes a screenshot of the phishing email, then sends the image to everyone warning them against the phishing attack.

    The ones that I have the hardest time against are those occasional emails that appear to come from someone at the agency. The nefarious people get an image of our email signatures, so it looks legit, at least on the surface. And they almost always say something about our pay. Since one's salary is involved, everyone reads these messages. To date, as far as I know, no one has actually clicked on the links in these phishing attacks, but I wouldn't be at all surprised if it happens some day. I do think that the continual education by our security team makes a really huge difference.

    Kindest Regards, Rod Connect with me on LinkedIn.

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 716562

    I get some amazingly creative ones from HR services, though luckily none have hit the right one we use at Redgate. I also get a few great ones that purport an issue with PayPal. Never click on those links, but just log in if I'm worried. Mostly, I look at headers and can see these aren't legitimate from the actual company. Have seen some Amazon ones which are surprisingly poorly done.

    This is a tough area, especially when someone makes an attack with a topic that you're expecting. I think having public calendars and other contextual information available is a bad idea. Imagine someone being able to scrape public TripIt information and send you a note about your upcoming vacation that would get you to click? I think more and more we ought to be HTTPS for everything and really limit the amount of public context information from services where we can.

  • Eric M Russell

    SSC Guru

    Points: 125032

    Sadly, there are some crooks directing folks to fake Equifax settlement websites.

    https://www.consumer.ftc.gov/blog/2019/07/equifax-data-breach-beware-fake-settlement-websites

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell

    SSC Guru

    Points: 125032

    Most phishing scams are automated and impersonal, while other scams hit closer to home. For example, last year my grandmother got a call from a guy pretending to be me. He claimed he was in a Florida jail and needed her to wire bail money to an attorney. To make himself sound legit during the conversation, he mentioned the name of another family member and other publicly available information he could have gotten from a Google search. He explained his unrecognizable voice was due to having a broken nose resulting from a fight with the police. You can imagine how emotionally distressing that was for her. Fortunately, she hung up the phone and called my dad, who then called me and confirmed that I was in fact at home and doing perfectly fine.

    It makes me think of that old Hank Williams Jr song:

    ".. I'd love to spit some beech nut in that dude's eyes, and then ......"

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 716562

    That's an appropriate song. Ugh, people are horrible sometimes.

  • Y.B.

    SSChampion

    Points: 11534

    Where I work the IT folks that need elevated permissions have two accounts for the exact same reasons you mention, Steve. But for some reason the Network team that implemented this give their normal accounts unrestricted access. Gotta love the "do as I say don't do what I do" philosophy.


    SELECT quote FROM brain WHERE original = 1
    0 rows returned

  • Rod at work

    SSC-Dedicated

    Points: 33152

    Steve Jones - SSC Editor wrote:

    I get some amazingly creative ones from HR services, though luckily none have hit the right one we use at Redgate. I also get a few great ones that purport an issue with PayPal. Never click on those links, but just log in if I'm worried. Mostly, I look at headers and can see these aren't legitimate from the actual company. Have seen some Amazon ones which are surprisingly poorly done.

    This is a tough area, especially when someone makes an attack with a topic that you're expecting. I think having public calendars and other contextual information available is a bad idea. Imagine someone being able to scrape public TripIt information and send you a note about your upcoming vacation that would get you to click? I think more and more we ought to be HTTPS for everything and really limit the amount of public context information from services where we can.

    Oh, WOW! I hadn't even thought of that. My parents are traveling around the country now (they started today) and they merrily posted their itinerary on Facebook.

    Kindest Regards, Rod Connect with me on LinkedIn.

  • Rod at work

    SSC-Dedicated

    Points: 33152

    Eric M Russell wrote:

    Most phishing scams are automated and impersonal, while other scams hit closer to home. For example, last year my grandmother got a call from a guy pretending to be me. He claimed he was in a Florida jail and needed her to wire bail money to an attorney. To make himself sound legit during the conversation, he mentioned the name of another family member and other publicly available information he could have gotten from a Google search. He explained his unrecognizable voice was due to having a broken nose resulting from a fight with the police. You can imagine how emotionally distressing that was for her. Fortunately, she hung up the phone and called my dad, who then called me and confirmed that I was in fact at home and doing perfectly fine.

    It makes me think of that old Hank Williams Jr song:

    ".. I'd love to spit some beech nut in that dude's eyes, and then ......"

    That's amazing, Eric. Sounds like that person may have either known you or your grandmother.

    Kindest Regards, Rod Connect with me on LinkedIn.

  • Eric M Russell

    SSC Guru

    Points: 125032

    Rod at work wrote:

    Eric M Russell wrote:

    Most phishing scams are automated and impersonal, while other scams hit closer to home. For example, last year my grandmother got a call from a guy pretending to be me. He claimed he was in a Florida jail and needed her to wire bail money to an attorney. To make himself sound legit during the conversation, he mentioned the name of another family member and other publicly available information he could have gotten from a Google search. He explained his unrecognizable voice was due to having a broken nose resulting from a fight with the police. You can imagine how emotionally distressing that was for her. Fortunately, she hung up the phone and called my dad, who then called me and confirmed that I was in fact at home and doing perfectly fine.

    It makes me think of that old Hank Williams Jr song:

    ".. I'd love to spit some beech nut in that dude's eyes, and then ......"

    That's amazing, Eric. Sounds like that person may have either known you or your grandmother.

    No, that would be a gut reaction, but I don't think so. After doing some research, it seems this is a very common scam and the caller was following the typical modus operandi, even the part about the broken nose.

    https://www.aarp.org/money/scams-fraud/info-2016/how-to-beat-grandparent-scam.html

    https://www.youtube.com/results?search_query=recording+grandparent+scam+bail+money

    All the scammer needs as a starting point is the name of someone with a living grandparent. From there they can go to a website like mylife.com and for a few dollars get a report of estimated net worth, related family members, phone numbers, addresses, etc. The scammer can say things like: "Hi, grandma, it's your grandson, Trevor. I'm sorry to call you so late, but I'm in trouble. I would have called Greg or Susan, but you know how busy they are with the new baby."

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
