phishing sites: local and remote
MailScanner at ecs.soton.ac.uk
Tue Feb 10 19:13:34 GMT 2009
Are lots of other people seeing this sort of attack?
If so, is it worth my while doing something about it?
I'm not going to start coding for 1 site (sorry David), but if plenty of
people are seeing this then I could possibly do something.
On 4/2/09 16:31, David Lee wrote:
> We try to use MS configs (currently 4.72.5) reasonably close to the
> distributed version. That includes taking the routine updates to
> "phishing.bad.sites.conf" and "phishing.safe.sites.conf".
> Being a university, we are also getting badly hit by spear-phishing
> attempts against our users. We noticed that some of incoming bait
> contained URLs similar to ours. Our true URLs are of the form:
> The incoming bait reads:
> (Real life pattern-matching would need more subtlety than that, but
> you get the idea.)
> The routine anti-phishing stuff detects dubious URLs etc and displays
> bright red "possible fraud" warnings.
> It would be nice if we could supplement this with an additional,
> locally-based, component that could be configured to match suspicious
> URLs based on the local site name.
> Is it possible to run such an antiphishing config, comprising both
> Julian's standard set and a local component?
> If not, might it be a worthwhile addition?
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner