[Dshield] Just received (phishing)

Tom dshield at oitc.com
Fri Feb 3 13:57:27 GMT 2006


At 6:53 AM -0500 2/3/06, J Lake wrote:
>Someone in my organization was taken in by a phishing scam this week.
>When I asked him about it further, I found out that the e-mail address that
>the phish was sent to is not an address in general circulation. I think he
>fell for it because that address was used by the bank and only one or two
>other people had it.
>
>So my question to the group is, should I imply from this that the bank's
>information was compromised in some way? It is a really small, local bank. I
>can't think of any other reason for someone to associate that bank and his
>uncirculated e-mail address without figuring that the bank either losing that
>information, or selling it. Can anyone help me understand this better?

It was probably either harvested from your server, guessed (if it was 
a simple or dictionary based address), or harvested from from a 
compromised machine at the "other peoples".

As for small bank, its just phishing by shotgun. In the last month I 
have gotten phishing concerning 2 midwestern small credit unions and 
a small bank in canada.  It also may be phishing by someone local who 
is familiar with the bank.

I think phishing has been publisized for the big guys so much that 
the phishers are branching out to smaller fry because they are easier 
to social engineer now.

Tom

-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
Google Talk: trshaw at gmail.com
skype: trshaw


More information about the list mailing list