New phishing strategy

[Ian]

On 6 Feb 2007 at 7:31, Drew Burchett wrote:

> The attached email is an example of a number of recent phishing attempts that my users and I 
> have been receiving over the past several days. As you can see, it isn´t like your normal phishing 
> attempt because the link that it´s sending you to isn´t masked by another link in any way. This 
> allows it to slip right through MailScanner´s phishing filter. The site seems to have been already 
> taken down, and I´ve fed these into my spam filter to identify them as spam, but I´m wondering if 
> there´s anything else that can be done within mailscanner or spamassassin to stop them?

Hi,

Not really as this would rely on MailScanner knowing that the Heritage Bank's website is 
'bankwithheritage.com' and not bankwith-heritage.com. MailScanner can only detect that the 
title of the link doesn't match the target.

Your best course of action is to educate users not to trust anything sent in an email, no 
matter what it is.  If in any doubt they should pick up a printed phone book, look up the 
number for their financial institution, call and ask.

Regards

Ian
--