[Dshield] Just received (phishing)
dshield at oitc.com
Fri Feb 3 13:57:27 GMT 2006
At 6:53 AM -0500 2/3/06, J Lake wrote:
>Someone in my organization was taken in by a phishing scam this week.
>When I asked him about it further, I found out that the e-mail address that
>the phish was sent to is not an address in general circulation. I think he
>fell for it because that address was used by the bank and only one or two
>other people had it.
>So my question to the group is, should I imply from this that the bank's
>information was compromised in some way? It is a really small, local bank. I
>can't think of any other reason for someone to associate that bank and his
>uncirculated e-mail address without figuring that the bank is either losing that
>information, or selling it. Can anyone help me understand this better?
It was probably either harvested from your server, guessed (if it was
a simple or dictionary based address), or harvested from a
compromised machine at the "other peoples".
As for small bank, it's just phishing by shotgun. In the last month I
have gotten phishing concerning 2 midwestern small credit unions and
a small bank in Canada. It also may be phishing by someone local who
is familiar with the bank.
I think phishing has been publicized for the big guys so much that
the phishers are branching out to smaller fry because they are easier
to social engineer now.
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax),
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Google Talk: trshaw at gmail.com