looking for suggestions to catch more phishing attempts
johnnyb at marlboro.edu
Mon Nov 8 20:33:19 GMT 2010
I'm trying to figure out what the easiest solution with the smallest
footprint for this problem might be.

Along with a lot of other schools we've had a chronic problem with
phishing attempts that pretend to be us and ask for usernames and
passwords. Pretty much all of them come from compromised accounts at
other colleges and the spammers keep the numbers low enough and slow
enough to not register on phishing lists like ScamNailer. We always seem
to have at least one taker whose account gets compromised by spammers
for every major phishing attempt of this type. We have mechanisms like
rate limiting in place to keep the damage limited but I'd really rather
keep the accounts from getting compromised in the first place.

What I need is something like the phishing feature in MailScanner that
looks for mismatches between claimed and actual addresses and warns that
it might be phishing but looks for things like password requests or
pretending to be from "helpdesk" or "webmail" instead. I'd like to
pick them out and warn users that it might be a phishing attempt.

I think that either MailScanner MCP or Postfix header/body checks could
do this but I'm concerned about the added system load and possible
slowdowns that either may add.

Is there anything obvious I'm overlooking here like a way to do this in
MailScanner's non-MCP configuration?

Network Systems Administrator
Phone: 451-7551 Cell: 451-6748
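
The heuristic asked for in the post above (an outside sender posing as "helpdesk" or "webmail" and requesting a password), sketched as an added Python example; it is not the poster's code and not part of MailScanner or Postfix. The domain `example.edu`, the list of request verbs, the subject tag text and both sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

LOCAL_DOMAIN = "example.edu"  # assumption: placeholder for the site's own domain
ROLE = re.compile(r"help\s*desk|web\s*mail", re.I)  # roles named in the post
# Assumption: verbs typical of a credential request, followed by "password".
ASKS_PASSWORD = re.compile(
    r"\b(verify|confirm|provide|send|reply with|enter)\b[^.]{0,80}\bpassword\b", re.I)

# Constructed sample messages (not real mail).
PHISH = ('From: "Webmail Helpdesk" <jsmith@othercollege.example>\n'
         "Subject: Mailbox quota exceeded\n\n"
         "To keep your account active, reply with your username and\n"
         "password within 24 hours.\n")
LEGIT = ("From: Helpdesk <helpdesk@example.edu>\n"
         "Subject: Lab hours\n\n"
         "We will never ask you to send your password by e-mail.\n")

def phishing_reasons(raw):
    """Return the heuristics a raw RFC 5322 message trips (empty list if none)."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.rpartition("@")
    d = domain.lower()
    # Only mail from outside the local domain can be "pretending to be us".
    external = d != LOCAL_DOMAIN and not d.endswith("." + LOCAL_DOMAIN)
    reasons = []
    if external and (ROLE.search(name) or ROLE.search(local)):
        reasons.append("role-impersonation")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if external and ASKS_PASSWORD.search(body):
        reasons.append("password-request")
    return reasons

def tagged_subject(raw):
    """Return the Subject, prefixed with a warning when both heuristics fire."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    if len(phishing_reasons(raw)) == 2:
        return "{Possible phishing?} " + subject
    return subject

if __name__ == "__main__":
    for sample in (PHISH, LEGIT):
        print(phishing_reasons(sample), "->", tagged_subject(sample))
```

Requiring both signals before tagging keeps the real, internal helpdesk address and ordinary outside mail that merely mentions passwords from being marked.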