• Patch Lady – yeah right pull the other one

    #348610

    So an email comes into the office and at this time of year we will often get files.  The email is spoofing a person that normally has emailed our firm
    [See the full post at: Patch Lady – yeah right pull the other one]

    Susan Bradley Patch Lady/Prudent patcher

    7 users thanked author for this post.
    • #348644

      Yeah, that.

      Whose bright idea was it to have various documents protected by a service login? Really?

      Because, now we’re at a point where there’s no practical way for users to tell legitimate login-protected documents from these.

      And what many of these do, is once they get your credentials to some unified cloud provider (Office 365, Google, …) they’ll have access to your mailbox and address book. They’ll then put a bot to work harvesting addresses from these and sending another batch of scamspam, possibly having dropped a payload for that in your cloud storage that’s accessed with the same authentication… say, SharePoint Online… and only *then* start to work you over.

      Now, how would we realistically prevent this? Remembering that standard Microsoft credential question popups regularly don’t even have any visible reference to their parent window, making you have to guess if it’s from Outlook or Excel this time… let alone a PDF reader…

      MFA could help if it was obnoxious enough. As in no sharing authentication tokens between component services, unlike now. Not likely.

      Also separate the content protection and the transfer and storage access authorization.

      Seems that there’s no inexpensive perfect solution available but for a lot of this, old-fashioned PGP – with public keyservers! – would still be a lot better than the current state of things.

      3 users thanked author for this post.
      • #349124

        This type of phishing is one of the best reasons to stay away from Office 365.  The users I support don’t fall for it because they don’t have O365 credentials to try.

    • #348640

      I use Outlook and I get phishing emails.

      To rub salt in the wounds Outlook also marks emails as Junk which clearly aren’t so I have to keep checking my junk folder.

    • #348686

      I’ve seen that same email come into our organization. Since we don’t utilize fileshare sites we just started blocking the major ones at the firewall and have made it part of regular security training to remind people that we don’t accept documents sent to us this way.

    • #348690

      Since my users don’t know their email password, they at least can’t give it away…

      But this is a big pain. I often receive emails from people asking if this is a virus.

      To top it off, sometimes legitimate senders use Microsoft short url so you can’t see where the link really goes to and they use that to send documents that aren’t even sensitive.

      Refusing that kind of documents when not absolutely necessary seems the right way to get people to stop using this dangerous feature.

      • #348754

        Refusing that kind of documents when not absolutely necessary seems the right way to get people to stop using this dangerous feature.

        That’s what I’ve been saying.

        Could just as well tilt at windmills it seems… because by law there has to be some kind of protection for a lot of the content people want to send, now, and apparently everything else is too difficult.

        1 user thanked author for this post.
    • #348923

      I think some of these phishing emails are getting more refined, compared to the early days when they were mostly about incredibly lucrative propositions from Nigerian princes and ladies in serious financial distress asking for compassionate help for the sake of their poor children from such a compassionate and loving person as the email recipient was certain to be.

      Some now look like real, honest-to-goodness business emails, at least up to the point where one finds a request for things such as one’s email account details, which the crooks sending those emails cannot avoid asking, as for them that is the whole point of the exercise. It is a clear sign that things are not right, but there must be more than one mark that goes on and gives away that personal information, otherwise phishing emails would not be seen as often as they are now.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
