• Phishing

    From Don Y@21:1/5 to All on Thu Sep 5 12:11:24 2024
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From john larkin@21:1/5 to All on Thu Sep 5 15:11:42 2024
    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    Outlook will apparently send anything through, even obvious phishing
    ploys.

  • From Edward Rawde@21:1/5 to Don Y on Thu Sep 5 19:56:08 2024
    "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbcvp4$eoqp$1@dont-email.me...
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    More likely the ingenuity of scammers will adapt accordingly.

    I got a "Your amazon account has been charged" call today.
    Caller ID gave a local number, just different last four digits.

    I don't bother filtering email except at the server level where some countries can't connect inbound at all.



  • From Don Y@21:1/5 to Edward Rawde on Fri Sep 6 11:51:31 2024
    On 9/5/2024 4:56 PM, Edward Rawde wrote:
    "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbcvp4$eoqp$1@dont-email.me...
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    More likely the ingenuity of scammers will adapt accordingly.

    They have to coax/entice/trick you into DOING something.
    By making it harder for you to "do things" acts as a
    deterrent to these sorts of exploits.

    E.g., if you had to cut/paste a URL into a browser (instead
    of clicking on a link embedded in an email), you would be
    less inclined to casually do so. AND, would be forced to
    see the ACTUAL URL instead of letting it hide behind
    "click here".

    I got a "Your amazon account has been charged" call today.
    Caller ID gave a local number, just different last four digits.

    Our phone is pretty well locked down. Calls go to one of
    two voice mails -- without ringing the phone; neither is
    checked often (and one is NEVER checked).

    OTOH, if you are a WELCOMED caller, the phone actually *rings*.

    Two of our phones only accept calls from the OTHER of our
    phones (the numbers have never been "given out" to anyone
    so an incoming call that is not from one of our phones is
    obviously not something we want to receive). If you
    deliberately fail to set up your voicemail, then these
    calls just fall off into never-never-land.

    I don't bother filtering email except at the server level where some countries can't connect inbound at all.

    The phishing protection doesn't rely on filtering messages.
    Rather, just not making URLs easy to access (or attachments
    easy to open).

    Folks who have any of my "non-public" email addresses are
    treated like you would expect a trusted correspondent to be
    treated. But, traffic on the "public" (published) accounts
    is highly censored.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
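Added example, not part of the thread: a sketch of the idea in the post above, showing the ACTUAL target of each link in an HTML mail body instead of letting it hide behind "click here". The sample body, the verdict names and the function names are constructed for illustration; hostnames are reserved example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; all hostnames are reserved example domains.
SAMPLE_HTML = """
<p>Your account has been charged.
<a href="http://billing.example.net/verify?id=1">Click here</a> to dispute.</p>
<p>Or visit <a href="http://login.example.net/">www.example.com/account</a>.</p>
<p>Help: <a href="https://www.example.org/help">https://www.example.org/help</a></p>
<p><a href="mailto:support@example.org">Email support</a></p>
"""

# A label "looks like" a URL if it starts with an optional scheme and a dotted host.
HOST_IN_LABEL = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible label, href) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = " ".join("".join(self._text).split())
            self.links.append((label, self._href))
            self._href = None


def shown_host(label):
    """Host the visible text claims to point at, or None if it shows no URL."""
    m = HOST_IN_LABEL.match(label.strip())
    return m.group(1).lower() if m else None


def audit_links(html):
    """Compare what each link displays with where it really goes."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for label, href in parser.links:
        parts = urlsplit(href)
        target = (parts.hostname or "").lower()
        shown = shown_host(label)
        if parts.scheme not in ("http", "https"):
            verdict = "non-web"      # mailto:, tel:, etc.
        elif shown is None:
            verdict = "hidden"       # target hidden behind a text label
        elif shown == target:
            verdict = "match"        # exact host match only (no www. folding)
        else:
            verdict = "mismatch"     # text names one host, href goes to another
        report.append({"label": label, "href": href, "shown": shown,
                       "target": target, "verdict": verdict})
    return report


def as_plain_text(html):
    """Render each link as label plus raw URL, so the URL must be read to be used."""
    return [f'{r["label"]!r} -> {r["href"]}  [{r["verdict"]}]'
            for r in audit_links(html)]


if __name__ == "__main__":
    for line in as_plain_text(SAMPLE_HTML):
        print(line)
```
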
  • From Edward Rawde@21:1/5 to Don Y on Fri Sep 6 19:59:37 2024
    "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbfivs$tlhp$3@dont-email.me...
    On 9/5/2024 4:56 PM, Edward Rawde wrote:
    "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbcvp4$eoqp$1@dont-email.me...
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    More likely the ingenuity of scammers will adapt accordingly.

    They have to coax/entice/trick you into DOING something.
    By making it harder for you to "do things" acts as a
    deterrent to these sorts of exploits.

    Making it harder to do things will likely mean that nothing gets done.


    E.g., if you had to cut/paste a URL into a browser (instead
    of clicking on a link embedded in an email), you would be
    less inclined to casually do so. AND, would be forced to
    see the ACTUAL URL instead of letting it hide behind
    "click here".

    While most people who read this group can do that, most people cannot.
    Also have you tried doing that with a phone?


    I got a "Your amazon account has been charged" call today.
    Caller ID gave a local number, just different last four digits.

    Our phone is pretty well locked down. Calls go to one of
    two voice mails -- without ringing the phone; neither is
    checked often (and one is NEVER checked).

    I usually answer local calls and calls from known numbers.
    Others may be answered if they start leaving a message, depending on the message.


    OTOH, if you are a WELCOMED caller, the phone actually *rings*.

    Two of our phones only accept calls from the OTHER of our
    phones (the numbers have never been "given out" to anyone
    so an incoming call that is not from one of our phones is
    obviously not something we want to receive). If you
    deliberately fail to set up your voicemail, then these
    calls just fall off into never-never-land.

    I don't bother filtering email except at the server level where some countries can't connect inbound at all.

    Actually that's not quite true because at the server level I also have https://rspamd.com/ which works well.

    I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
    Unexpected attachments are always discarded.
    Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.


    The phishing protection doesn't rely on filtering messages.
    Rather, just not making URLs easy to access (or attachments
    easy to open).

    Folks who have any of my "non-public" email addresses are
    treated like you would expect a trusted correspondent to be
    treated. But, traffic on the "public" (published) accounts
    is highly censored.



  • From Don Y@21:1/5 to Edward Rawde on Fri Sep 6 17:26:36 2024
    On 9/6/2024 4:59 PM, Edward Rawde wrote:
    OTOH, if you are a WELCOMED caller, the phone actually *rings*.

    Two of our phones only accept calls from the OTHER of our
    phones (the numbers have never been "given out" to anyone
    so an incoming call that is not from one of our phones is
    obviously not something we want to receive). If you
    deliberately fail to set up your voicemail, then these
    calls just fall off into never-never-land.

    I don't bother filtering email except at the server level where some countries can't connect inbound at all.

    Actually that's not quite true because at the server level I also have https://rspamd.com/ which works well.

    I let my MTAs handle spam detection. But, they can't determine if a
    "please verify your email" message is warranted, or not. And, those
    often contain a link to make it easier for you to invoke a browser
    at the specific target URL.

    I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
    Unexpected attachments are always discarded.

    I regularly receive attachments from folks on my non-published accounts.
    Often, just photos that they are using to illustrate something. Other
    times, large chunks of code or documentation. Sometimes, EXEs (where
    they want to illustrate the behavior of a piece of code and know that I
    don't have access to their native RTOS to run a compiled binary for it).

    The same applies in reverse. E.g., if I want to get an appraisal of
    the differences in pronunciation for different algorithms, it's easier
    to send them a WINDOWS binary and let *them* choose the words to compare.
    This lets them also play with the characteristics of the *voice* (which
    is different from the *pronunciation*) to accentuate any differences
    they perceive -- based on their own hearing artifacts.

    Of course, this all gets executed in a sandbox (belts-n-braces).

    Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.

    The phishing protection doesn't rely on filtering messages.
    Rather, just not making URLs easy to access (or attachments
    easy to open).

    Folks who have any of my "non-public" email addresses are
    treated like you would expect a trusted correspondent to be
    treated. But, traffic on the "public" (published) accounts
    is highly censored.

  • From Edward Rawde@21:1/5 to Don Y on Fri Sep 6 20:41:49 2024
    "Don Y" <blockedofcourse@foo.invalid> wrote in message news:vbg6k6$10i21$1@dont-email.me...
    On 9/6/2024 4:59 PM, Edward Rawde wrote:
    OTOH, if you are a WELCOMED caller, the phone actually *rings*.

    Two of our phones only accept calls from the OTHER of our
    phones (the numbers have never been "given out" to anyone
    so an incoming call that is not from one of our phones is
    obviously not something we want to receive). If you
    deliberately fail to set up your voicemail, then these
    calls just fall off into never-never-land.

    I don't bother filtering email except at the server level where some countries can't connect inbound at all.

    Actually that's not quite true because at the server level I also have
    https://rspamd.com/ which works well.

    I let my MTAs handle spam detection. But, they can't determine if a
    "please verify your email" message is warranted, or not. And, those
    often contain a link to make it easier for you to invoke a browser
    at the specific target URL.

    I can't remember when I last got a message containing a dodgy URL or dodgy attachment.
    Unexpected attachments are always discarded.

    I regularly receive attachments from folks on my non-published accounts.
    Often, just photos that they are using to illustrate something. Other
    times, large chunks of code or documentation. Sometimes, EXEs (where
    they want to illustrate the behavior of a piece of code and know that I
    don't have access to their native RTOS to run a compiled binary for it).

    I never allow an MTA to do anything with an exe other than discard it.
    If I have a need to send an exe it goes in a zip which is made downloadable.


    The same applies in reverse. E.g., if I want to get an appraisal of
    the differences in pronunciation for different algorithms, it's easier
    to send them a WINDOWS binary and let *them* choose the words to compare.
    This lets them also play with the characteristics of the *voice* (which
    is different from the *pronunciation*) to accentuate any differences
    they perceive -- based on their own hearing artifacts.

    Of course, this all gets executed in a sandbox (belts-n-braces).

    Sometimes I'll have a look at where a dodgy URL goes but most often it goes nowhere due to my outbound filtering.

    The phishing protection doesn't rely on filtering messages.
    Rather, just not making URLs easy to access (or attachments
    easy to open).

    Folks who have any of my "non-public" email addresses are
    treated like you would expect a trusted correspondent to be
    treated. But, traffic on the "public" (published) accounts
    is highly censored.



  • From legg@21:1/5 to john larkin on Sat Sep 7 09:18:55 2024
    On Thu, 05 Sep 2024 15:11:42 -0700, john larkin <jl@650pot.com> wrote:

    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    Outlook will apparently send anything through, even obvious phishing
    ploys.

    It's a mail application, not an anti-virus filter.

    Mail servers of paid ISPs are getting less responsible in that regard,
    also, no longer filtering spam 'for free'.

    You're probably your own best mail filter.

    RL

  • From john larkin@21:1/5 to legg on Sat Sep 7 07:26:38 2024
    On Sat, 07 Sep 2024 09:18:55 -0400, legg <legg@nospam.magma.ca> wrote:

    On Thu, 05 Sep 2024 15:11:42 -0700, john larkin <jl@650pot.com> wrote:

    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    Outlook will apparently send anything through, even obvious phishing
    ploys.

    It's a mail application, not an anti-virus filter.

    It has a tab for reporting phishing which says it helps them keep
    users' information safe. They seem to ignore the reports.

    There are lots of things that don't work in Outlook.


    Mail servers of paid ISPs are getting less responsible in that regard,
    also, no longer filtering spam 'for free'.

    You're probably your own best mail filter.

    Yes, I've had to set up my own filters, but I don't have access to the
    tools that Microsoft presumably has.

    It's a mild chore, to review and delete the 60 or so spams and
    phishings per day. But what's granny down the block to do?

  • From Joerg@21:1/5 to Don Y on Sat Sep 7 11:35:44 2024
    On 9/5/24 12:11 PM, Don Y wrote:
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things?  Are users just lazy?  Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?


    I am generally stunned how naive people can be. "But it came from a PG&E address and had a PG&E link in there!" ... "There is a customer service
    number on your paper statements. Did you call them about that past due accusation?" ... "Ahm, well, no".

    When it comes to politics and elections it's even worse. "But he had
    such a nice smile!". Don't get me started ...

    --
    Regards, Joerg

    http://www.analogconsultants.com/

  • From Don Y@21:1/5 to Joerg on Sat Sep 7 15:18:19 2024
    On 9/7/2024 11:35 AM, Joerg wrote:
    On 9/5/24 12:11 PM, Don Y wrote:
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things?  Are users just lazy?  Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I am generally stunned how naive people can be. "But it came from a PG&E address and had a PG&E link in there!" ... "There is a customer service number
    on your paper statements. Did you call them about that past due accusation?" ... "Ahm, well, no".

    I see it more as laziness. They know there are ways to check
    <whatever> but don't want to be "bothered" to do those things.

    "Didn't you check up on the 'company' before committing to that $20,000 swimming pool he was eager to sell you?"

    "But, he had a *truck* with the company's name on it!"

    (Wow, imagine how hard that would be to accomplish! <rollseyes>)

    When it comes to politics and elections it's even worse. "But he had such a nice smile!". Don't get me started ...

    I had *one* email slip through my (first version) of my filters.
    It was to a "non-public" account that I use so had to pass *just*
    my WhiteList (content is "trusted" from WhiteListed senders).

    It was a solicitation for money for a "friend" -- who was
    suspiciously not near his phone (yet ALWAYS sends mail FROM his
    phone!). That, coupled with the ambiguous/impersonal plea
    (e.g., not using my real name to address me) threw up flags.

    The "Reply-To" address (something I hadn't checked in previous
    filter designs, relying, instead, on the "From" address) cinched it:
    Instead of "Ray" it was "RRay".

    I replied: "Sure! I'll drop it off on my way out to shopping!"

    Of course, this put the emailer in a bit of a panic as I would now
    be in direct contact with the person he was impersonating and, as
    such, could alert him to the ongoing scam.

    Too late to prevent his ex-wife from sending $400 to "him"...

    Maybe she will have learned her lesson?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
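Added example, not part of the thread: a sketch of the check described in the post above, where a message passes a sender whitelist on "From" but carries a look-alike "Reply-To". The addresses, whitelist, verdict names and distance threshold are constructed; it assumes the "Ray"/"RRay" difference was in the address local part.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed whitelist of trusted correspondents (reserved example domain).
WHITELIST = {"ray@example.org", "pat@example.org"}

# Constructed sample messages.
MSG_OK = "From: Ray <ray@example.org>\nSubject: photos\n\nSee attached.\n"
MSG_SCAM = ("From: Ray <ray@example.org>\nReply-To: Ray <rray@example.org>\n"
            "Subject: favor\n\nHi, I'm away from my phone. Can you help?\n")
MSG_OTHER = ("From: Ray <ray@example.org>\nReply-To: helpdesk@example.net\n"
             "Subject: ticket\n\nPlease reply to the helpdesk.\n")
MSG_UNKNOWN = "From: someone@example.com\nSubject: hello\n\nHi.\n"


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character look-alikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(raw, whitelist=WHITELIST, max_distance=2):
    """Return a verdict for one raw message.

    The From header is only a claim by the sender; this check adds the
    Reply-To comparison on top of a From-based whitelist and does not
    replace sender authentication done by the receiving MTA.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in whitelist:
        return "untrusted-sender"

    # Every Reply-To address is examined, not just the first one.
    reply_tos = [addr.lower()
                 for _, addr in getaddresses(msg.get_all("Reply-To", []))
                 if addr]
    suspects = [r for r in reply_tos if r != sender and r not in whitelist]
    if not suspects:
        return "trusted"

    # A reply address that is almost, but not exactly, a whitelisted one is
    # the strongest signal: replies would go to the impersonator.
    for r in suspects:
        if min(edit_distance(r, w) for w in whitelist) <= max_distance:
            return "lookalike-reply-to"
    return "reply-to-mismatch"


if __name__ == "__main__":
    for name, raw in [("ok", MSG_OK), ("scam", MSG_SCAM),
                      ("other", MSG_OTHER), ("unknown", MSG_UNKNOWN)]:
        print(name, "->", classify(raw))
```
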
  • From john larkin@21:1/5 to All on Sat Sep 7 17:04:16 2024
    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I've noticed that I get very little spam or phishing on Saturday or
    Sunday. Do bots get the weekend off?

  • From Jasen Betts@21:1/5 to All on Mon Sep 9 05:01:07 2024
    On 2024-09-08, john larkin <jlarkin_highland_tech> wrote:
    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I've noticed that I get very little spam or phishing on Saturday or
    Sunday. Do bots get the weekend off?

    no, that is when they concentrate on compromising servers.


    --
    Jasen.
    🇺🇦 Слава Україні

  • From Joerg@21:1/5 to Don Y on Mon Sep 9 13:58:35 2024
    On 9/7/24 3:18 PM, Don Y wrote:
    On 9/7/2024 11:35 AM, Joerg wrote:
    On 9/5/24 12:11 PM, Don Y wrote:
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things?  Are users just lazy?  Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I am generally stunned how naive people can be. "But it came from a
    PG&E address and had a PG&E link in there!" ... "There is a customer
    service number on your paper statements. Did you call them about that
    past due accusation?" ... "Ahm, well, no".

    I see it more as laziness.  They know there are ways to check
    <whatever> but don't want to be "bothered" to do those things.

    "Didn't you check up on the 'company' before committing to that $20,000 swimming pool he was eager to sell you?"

    "But, he had a *truck* with the company's name on it!"

    (Wow, imagine how hard that would be to accomplish!  <rollseyes>)

    When it comes to politics and elections it's even worse. "But he had
    such a nice smile!". Don't get me started ...

    I had *one* email slip through my (first version) of my filters.
    It was to a "non-public" account that I use so had to pass *just*
    my WhiteList (content is "trusted" from WhiteListed senders).

    It was a solicitation for money for a "friend" -- who was
    suspiciously not near his phone (yet ALWAYS sends mail FROM his
    phone!).  That, coupled with the ambiguous/impersonal plea
    (e.g., not using my real name to address me) threw up flags.

    The "Reply-To" address (something I hadn't checked in previous
    filter designs, relying, instead, on the "From" address) cinched it:
    Instead of "Ray" it was "RRay".

    I replied:  "Sure!  I'll drop it off on my way out to shopping!"

    Of course, this put the emailer in a bit of a panic as I would now
    be in direct contact with the person he was impersonating and, as
    such, could alert him to the ongoing scam.

    Too late to prevent his ex-wife from sending $400 to "him"...

    Maybe she will have learned her lesson?


    Mine was a phone call. Heavy Indian accent, "This is the Windows
    company. We would like to help you solve a problem we have detected with
    your Windows"... me "Oh yeah, you are right, there are at least nine
    windows here that really need cleaning. Do you use Windex for that?"

    --
    Regards, Joerg

    http://www.analogconsultants.com/

  • From Don Y@21:1/5 to Joerg on Mon Sep 9 14:41:30 2024
    On 9/9/2024 1:58 PM, Joerg wrote:
    Too late to prevent his ex-wife from sending $400 to "him"...

    Maybe she will have learned her lesson?

    Mine was a phone call. Heavy Indian accent, "This is the Windows company. We would like to help you solve a problem we have detected with your Windows"... me "Oh yeah, you are right, there are at least nine windows here that really need cleaning. Do you use Windex for that?"

    We don't accept calls from "unknown" callers so don't have that problem.

    Regardless, one would *think* that folks could use some common sense;
    "How did this guy discover a problem with MY computer and know the
    telephone number that would get him in touch with ME?"

    We're really careful about giving out "personal" information, even to
    friends, out of fear they will record it in some device that can be
    compromised and used as a beachhead to access *us*.

    "My birthdate? Oh, you MISSED it -- it was a few years ago. But,
    that's OK; I wasn't expecting you to acknowledge it... Thanks
    for the sentiment, though!"

    [I use an assortment of random dates when queried by online services,
    1/1/1980 being a favorite, for obvious reasons]

  • From Joerg@21:1/5 to Don Y on Mon Sep 9 14:50:14 2024
    On 9/9/24 2:41 PM, Don Y wrote:
    On 9/9/2024 1:58 PM, Joerg wrote:
    Too late to prevent his ex-wife from sending $400 to "him"...

    Maybe she will have learned her lesson?

    Mine was a phone call. Heavy Indian accent, "This is the Windows
    company. We would like to help you solve a problem we have detected
    with your Windows"... me "Oh yeah, you are right, there are at least
    nine windows here that really need cleaning. Do you use Windex for that?"

    We don't accept calls from "unknown" callers so don't have that problem.


    I don't either but I could not resist to pull that prank.


    Regardless, one would *think* that folks could use some common sense;
    "How did this guy discover a problem with MY computer and know the
    telephone number that would get him in touch with ME?"

    We're really careful about giving out "personal" information, even to friends, out of fear they will record it in some device that can be compromised and used as a beachhead to access *us*.

    "My birthdate?  Oh, you MISSED it -- it was a few years ago.  But,
    that's OK; I wasn't expecting you to acknowledge it...  Thanks
    for the sentiment, though!"

    [I use an assortment of random dates when queried by online services, 1/1/1980 being a favorite, for obvious reasons]


    I never give them anything.

    --
    Regards, Joerg

    http://www.analogconsultants.com/

  • From Joerg@21:1/5 to john larkin on Mon Sep 9 14:50:58 2024
    On 9/7/24 5:04 PM, john larkin wrote:
    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I've noticed that I get very little spam or phishing on Saturday or
    Sunday. Do bots get the weekend off?


    Only the unionized bots do.

    --
    Regards, Joerg

    http://www.analogconsultants.com/

  • From john larkin@21:1/5 to All on Mon Sep 9 16:08:30 2024
    On Mon, 9 Sep 2024 14:50:58 -0700, Joerg <news@analogconsultants.com>
    wrote:

    On 9/7/24 5:04 PM, john larkin wrote:
    On Thu, 5 Sep 2024 12:11:24 -0700, Don Y <blockedofcourse@foo.invalid>
    wrote:

    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things? Are users just lazy? Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I've noticed that I get very little spam or phishing on Saturday or
    Sunday. Do bots get the weekend off?


    Only the unionized bots do.

    Oh. Thanks.

  • From ehsjr@21:1/5 to Joerg on Mon Sep 9 18:30:49 2024
    On 9/9/2024 4:58 PM, Joerg wrote:
    On 9/7/24 3:18 PM, Don Y wrote:
    On 9/7/2024 11:35 AM, Joerg wrote:
    On 9/5/24 12:11 PM, Don Y wrote:
    I'm checking my "deflected" incoming mail to see if anything that
    *should* have been allowed through was mistakenly diverted
    (false positive).

    I see a fair number of phishing attempts on my "public" accounts.
    But, all are trivially identified as such.

    So, how is it that folks (organizations) are so often deceived
    by these things?  Are users just lazy?  Would it be more helpful
    to have mail clients make it HARDER to activate an embedded
    URL or "potentially compromised" attachment?

    Or, will the stupidity of users adapt, accordingly?

    I am generally stunned how naive people can be. "But it came from a
    PG&E address and had a PG&E link in there!" ... "There is a customer
    service number on your paper statements. Did you call them about that
    past due accusation?" ... "Ahm, well, no".

    I see it more as laziness.  They know there are ways to check
    <whatever> but don't want to be "bothered" to do those things.

    "Didn't you check up on the 'company' before committing to that $20,000
    swimming pool he was eager to sell you?"

    "But, he had a *truck* with the company's name on it!"

    (Wow, imagine how hard that would be to accomplish!  <rollseyes>)

    When it comes to politics and elections it's even worse. "But he had
    such a nice smile!". Don't get me started ...

    I had *one* email slip through the (first version) of my filters.
    It was to a "non-public" account that I use so had to pass *just*
    my WhiteList (content is "trusted" from WhiteListed senders).

    It was a solicitation for money for a "friend" -- who was
    suspiciously not near his phone (yet ALWAYS sends mail FROM his
    phone!).  That, coupled with the ambiguous/impersonal plea
    (e.g., not using my real name to address me) threw up flags.

    The "Reply-To" address (something I hadn't checked in previous
    filter designs, relying, instead, on the "From" address) cinched it:
    Instead of "Ray" it was "RRay".

    I replied:  "Sure!  I'll drop it off on my way out to shopping!"

    Of course, this put the emailer in a bit of a panic as I would now
    be in direct contact with the person he was impersonating and, as
    such, could alert him to the ongoing scam.

    Too late to prevent his ex-wife from sending $400 to "him"...

    Maybe she will have learned her lesson?


    Mine was a phone call. Heavy Indian accent, "This is the Windows
    company. We would like to help you solve a problem we have detected with
    your Windows"... me "Oh yeah, you are right, there are at least nine
    windows here that really need cleaning. Do you use Windex for that?"

    :-)

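Added example (not part of any post in the thread): the Reply-To check described in the quoted message above, where an allowlisted "From" was paired with a look-alike "Reply-To". The allowlist, the addresses and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed allowlist (assumption; the thread gives no real addresses).
ALLOWLIST = {"ray@example.com"}

def _addrs(msg, header):
    """Lowercased addresses from every instance of one header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.strip().lower() for _name, addr in pairs if addr}

def classify(raw):
    """Return (verdict, reasons); verdict is trusted, suspect or unlisted."""
    msg = message_from_string(raw)
    senders = _addrs(msg, "From")
    if len(senders) != 1:
        return "suspect", ["From must carry exactly one address"]
    if not senders <= ALLOWLIST:
        return "unlisted", []
    # From is sender-supplied text, so an allowlisted From proves little.
    # A Reply-To that points elsewhere steers the recipient's answer to
    # someone other than the apparent sender.
    stray = sorted(_addrs(msg, "Reply-To") - senders)
    if stray:
        return "suspect", ["Reply-To differs from From: " + ", ".join(stray)]
    return "trusted", []

# Constructed sample messages.
LEGIT = (
    "From: Ray <ray@example.com>\n"
    "Reply-To: Ray <RAY@example.com>\n"
    "Subject: lunch\n\nNoon on Friday?\n"
)
LOOKALIKE = (
    "From: Ray <ray@example.com>\n"
    "Reply-To: Ray <rray@example.com>\n"
    "Subject: urgent favor\n\nAway from my phone, can you send money?\n"
)
STRANGER = "From: Sales <offers@example.org>\nSubject: hi\n\nHello.\n"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("lookalike", LOOKALIKE), ("stranger", STRANGER)):
        print(name, classify(raw))
```
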
  • From Don Y@21:1/5 to Joerg on Mon Sep 9 16:31:21 2024
    On 9/9/2024 2:50 PM, Joerg wrote:
    On 9/9/24 2:41 PM, Don Y wrote:
    On 9/9/2024 1:58 PM, Joerg wrote:
    Too late to prevent his ex-wife from sending $400 to "him"...

    Maybe she will have learned her lesson?

    Mine was a phone call. Heavy Indian accent, "This is the Windows company. We
    would like to help you solve a problem we have detected with your
    Windows"... me "Oh yeah, you are right, there are at least nine windows here
    that really need cleaning. Do you use Windex for that?"

    We don't accept calls from "unknown" callers so don't have that problem.


    I don't either but I could not resist pulling that prank.

    Our phone simply doesn't ring so there is no "missed opportunity".
    (why would I want the phone to annoy me if I'm not going to answer it?)

    Regardless, one would *think* that folks could use some common sense;
    "How did this guy discover a problem with MY computer and know the
    telephone number that would get him in touch with ME?"

    We're really careful about giving out "personal" information, even to
    friends, out of fear they will record it in some device that can be
    compromised and used as a beachhead to access *us*.

    "My birthdate?  Oh, you MISSED it -- it was a few years ago.  But,
    that's OK; I wasn't expecting you to acknowledge it...  Thanks
    for the sentiment, though!"

    [I use an assortment of random dates when queried by online services,
    1/1/1980 being a favorite, for obvious reasons]

    I never give them anything.

    Many sites require a "valid date" to complete the "registration"
    process. Some will make the argument that they need "assurance"
    that you are of age to be able to enter into a legal relationship.
    Others, to ensure you aren't a "minor". (Amusing to think that
    they assume folks will be truthful in their answers and that
    simply *asking* the question constitutes "due diligence")

    We are also cautious about how to answer "security questions"
    (which can also leak information).

    "What was the name of your first pet?"
    2334 B X Z (a common name, no?)

    And, never give out a phone number for 2FA.

    Of course, it means you have to keep careful track of your LIES... :>
