SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    Heard of "phishing" e-mails but never got any - until now
Go
New
Find
Notify
Tools
Reply
  
Heard of "phishing" e-mails but never got any - until now Login/Join 
His diet consists of black
coffee, and sarcasm.
Picture of egregore
posted
In the last couple of days I have gotten three of these, purporting to be from Bank of America, Chase and Suntrust, wanting me to log into my "account" because it has been "frozen" due to "unusual activity." They look authentic at a very quick glance because of the company logos, but look closer and there are sentence structure and spelling errors. The e-mail address from which they were sent is not even that of the companies. When you put your cursor over the link (which is the entire body of the e-mail, don't click on it!), the URL comes up as owl.li. Another dead giveaway is that I closed my Suntrust account nine months ago and have never had a B of A account at all. I do have a credit card with Chase. If you get anything like this, delete it on sight.
 
Posts: 28921 | Location: Johnson City, TN | Registered: April 28, 2012Reply With QuoteReport This Post
Member
Picture of sourdough44
posted Hide Post
Any institution like bank, financial company, insurance whatever, just read the headline then delete, never clink on a link.

My company even sends out phishing ‘traps’ on the co email, then chastises if you were to click.

The same goes to those robo calls. If anyone of importance needs you, then will find you another way.

Should you ever want to verify the issue, log on your normal way, call your numbers, or visit the bank locally.
 
Posts: 6496 | Location: WI | Registered: February 29, 2012Reply With QuoteReport This Post
Baroque Bloke
Picture of Pipe Smoker
posted Hide Post
My email service is fastmail.com. It has a filter that puts such emails into a spam folder. It’s very accurate – seldom fails to recognize spam as such, and seldom puts legit emails into the spam folder.

Excellent service in all other ways too. $20/year for my service level, I’ve used it exclusively since 2001.



Serious about crackers
 
Posts: 9608 | Location: San Diego | Registered: July 26, 2014Reply With QuoteReport This Post
Member
posted Hide Post
I seem to get at least one a week, either about my SunTrust Account, my Wells Fargo
Account or my BoA account.

I kinda worry that they might be authentic and they might really close my account.

Ohhh, but wait...I don't have an account at any of those places. Big Grin

Bob
 
Posts: 1696 | Location: TampaBay | Registered: May 22, 2009Reply With QuoteReport This Post
Member
Picture of SR
posted Hide Post
quote:
Originally posted by sourdough44:
My company even sends out phishing ‘traps’ on the co email, then chastises if you were to click.


The company I work for also does these traps but all you get is an email that let's you know it was a trap and goes over a few tips. If you never fall in a trap, you either get to take a shorten annual security training or skip the training. If you fail some number of traps you have to retake the full course.

The traps seem to come when we are all super busy - in an effort to make sure we stay vigilant.

I was pretty annoyed with the whole process until recently. I got a really well disguised phishing email on my personal account - stuff I learned in the corporate training probably saved my butt (and my personal computer).




Speak softly and carry a big stick loaded Sig
 
Posts: 4892 | Location: Raleigh, North Carolina | Registered: September 27, 2004Reply With QuoteReport This Post
Member
Picture of SR
posted Hide Post
Sorry for the thread drift but I thought this was funny.

A friend that works for a national company (probably 20,000+ employees) said an email came in right at peak season and late in the day. Someone (who was not in the IT group), sent an email to EVERYONE (in the US and Canada) saying that particular email was probably a phishing email and "do not click on the link." By forwarding the email - with all active links - that person now ensured EVERYONE was exposed to the threat.

My friend said that about four people replied to the email. You guessed it - they used "reply all" AND again the active links were included in those 4 emails.

My friend did a reply all and suggested everyone stop circulating the email and that he knew IT was working on the issue. (He did remove the links before he sent his email.)

The folks that re-circulated the emails were professionals with significant degrees and many years of experience.... not one of the 5 contacted IT. (My friend contacted IT and they blocked the link on all company machines.)




Speak softly and carry a big stick loaded Sig
 
Posts: 4892 | Location: Raleigh, North Carolina | Registered: September 27, 2004Reply With QuoteReport This Post
Drill Here, Drill Now
Picture of tatortodd
posted Hide Post
quote:
Originally posted by SR:
quote:
Originally posted by sourdough44:
My company even sends out phishing ‘traps’ on the co email, then chastises if you were to click.


The company I work for also does these traps but all you get is an email that let's you know it was a trap and goes over a few tips. If you never fall in a trap, you either get to take a shorten annual security training or skip the training. If you fail some number of traps you have to retake the full course.

The traps seem to come when we are all super busy - in an effort to make sure we stay vigilant.

I was pretty annoyed with the whole process until recently. I got a really well disguised phishing email on my personal account - stuff I learned in the corporate training probably saved my butt (and my personal computer).
We started out with the friendly, informative mock phishing e-mails, but have moved into the punishment mode and even worse my employer’s IT has gotten downright evil in their mock phishing. I got nailed earlier this year but listen to this bullshit. The nearest emergency exit was temporarily closed because the window washers were washing directly above it (multistory building). Soon after building services e-mail went out, the IT asshole who does mock phishing (located is in my building) sends out a separate e-mail with a link to a temporary emergency egress floor plan. I clicked it, had to have a sit down with my boss, and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
 
Posts: 23829 | Location: Northern Suburbs of Houston | Registered: November 14, 2005Reply With QuoteReport This Post
Member
posted Hide Post
quote:
I clicked it, had to have a sit down with my boss, and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).

^^^^
I do not think I could have ever lasted in the corporate world with that kind of foolishness. Being self employed at times is difficult and challenging, but not in that stupid kind of a way. Reminds me of a Catholic boarding school.
 
Posts: 17627 | Location: Stuck at home | Registered: January 02, 2015Reply With QuoteReport This Post
Member
Picture of SR
posted Hide Post
quote:
Originally posted by tatortodd:
…. and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).


Your guy sounds like a handful. Have you asked your boss if others are having similar challenges (is the naughty list full of names)? Maybe your boss has a suggested approach that would help.

Also, can you send suspected phishing emails to IT and have them check them? If yes, flood the guy with every marketing spam email you get.

We click two buttons and the email is routed to IT to be checked.

So I'm clear, I don't try to flood our IT group. But maybe you would want to flood your guy.




Speak softly and carry a big stick loaded Sig
 
Posts: 4892 | Location: Raleigh, North Carolina | Registered: September 27, 2004Reply With QuoteReport This Post
Drill Here, Drill Now
Picture of tatortodd
posted Hide Post
Based on your questions, you're thinking of a much smaller company. My boss only gets an e-mail when one of his direct reports fails a mock phishing attack (i.e. he wouldn't see the actual list).

As far as clicking to report suspected spam, one button brings up a window where you're asked why you're submitting and a few radio buttons such as whether or not you clicked the link/attachment. After clicking the submit button you hear back at some random, unpredictable time period.

Trust me, I report every unexpected external e-mail that our spam filter doesn't quarantine. One reason is I've received some very good actual phishing attempts including a vendor hacked and supposedly someone I worked with several years prior sent an e-mail with an attachment. It looked odd so I reported it and sure enough the attachment was malware.



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
 
Posts: 23829 | Location: Northern Suburbs of Houston | Registered: November 14, 2005Reply With QuoteReport This Post
His Royal Hiney
Picture of Rey HRH
posted Hide Post
quote:
Originally posted by tatortodd:
I clicked it, had to have a sit down with my boss, and now am on a list where if I fail another one I lose Internet access (I work on industry committees so I need it and without it my performance will suffer which will affect salary).


WTF?!

That's like 5 years ago in terms of what companies do. How about the company do something instead of playing games with its employees.

One company I worked for (which I think is a better strategy) is that emails that come from outside are marked on the subject as being from an external source as a warning.



"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
 
Posts: 20184 | Location: The Free State of Arizona - Ditat Deus | Registered: March 24, 2011Reply With QuoteReport This Post
His diet consists of black
coffee, and sarcasm.
Picture of egregore
posted Hide Post
After a break of a couple of days I got another one yesterday, this one from "US Bank." Again, no account with them. As for those of you whose employers play chickenshit mind-fuck games with you, I'm glad I don't have your jobs. Roll Eyes
 
Posts: 28921 | Location: Johnson City, TN | Registered: April 28, 2012Reply With QuoteReport This Post
  Powered by Social Strata  
 

SIGforum.com    Main Page  Hop To Forum Categories  What's Your Deal!    Heard of "phishing" e-mails but never got any - until now

© SIGforum 2024