Kitz ADSL Broadband Information

Author Topic: Convincing fake invoice  (Read 1128 times)

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Convincing fake invoice
« Reply #15 on: March 07, 2017, 11:07:22 AM »

John, that will be what you recommend that receivers do, then. I was thinking about a UI for the receiving end.
Logged

d2d4j

  • Reg Member
  • ***
  • Posts: 422
Re: Convincing fake invoice
« Reply #16 on: March 07, 2017, 11:14:05 AM »

Hi weaver

Many thanks, sorry I get confused or am slow understanding sorry

The mail servers would have already classified the email, but on the user end, in their email client, a user should be able to set their own rules for email classification e.g. Outlook does

If using an IMAP client, then there should be 2 special folders, usually spam and ham, so any spam or unwanted email just has to be sent to the spam folder, but usually, you need to send good email to the ham folder, so the Bayesian systems know what's good and bad, and are trained correctly

The above applies on mobiles, iPad web based access etc...

Many thanks

John
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3143
Re: Convincing fake invoice
« Reply #17 on: March 07, 2017, 11:15:44 AM »

Worth emphasising that the fake invoice that triggered this thread would not have been trapped by any of the authentication methods.  Gmail did identify it as spam, not because of anything in the headers, but only because it contained a hyperlink to an address that Google had identified as being dodgy.

It wasn't actually spam in the normal sense, it was evidently sent from a genuine account that had been hacked.  And carefully crafted to target the organisation's customers on an individual level, rather than a mass dispatch.  More of a social engineering exploit, rather than spam.

There is a danger, in deceiving ourselves that spam filters can get rid of all nasty emails, we may become overconfident and more vulnerable to such personal, 'non-spam' attacks.  Imho.
Logged

4candles

  • Kitizen
  • ****
  • Posts: 2039
  • Not young enough to know everything
Re: Convincing fake invoice
« Reply #18 on: March 07, 2017, 02:10:24 PM »

Agreed, 7LM.


I'm generally trusting of people unless I have reason to think otherwise, but when it comes to the internet and email I'm the ultimate cynic - it's the only safe way.
Logged
Most things are somewhere else

renluop

  • Kitizen
  • ****
  • Posts: 2445
Re: Convincing fake invoice
« Reply #19 on: March 07, 2017, 06:26:26 PM »

@Mods! Too OT then delete.

Recently I received a package from one of those claims outfits. I have never, and will never communicate with such vultures. It had an anonymous email address I use. How the devil did they get that gen?
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4430
Re: Convincing fake invoice
« Reply #20 on: March 07, 2017, 06:28:49 PM »

Sadly spam is more and more commonly being sent from legit email accounts, whether it's by using hacked accounts like this case or some other means. By legit I mean where it has proper SPF, DKIM, RDNS etc. and as such passes compliance checks; then the only way left to filter the spam is via reputation systems and scanning the email body itself.

Since the way to pass filters is all public, then sadly spammers also have access to that information and as such can learn how to avoid being marked as spam; it's a constant game of whack-a-mole.

We are also seeing over the years various anti-spam services being shut down, the latest one being the sought honeypot which has just been closed without a reason given, just a note on the SpamAssassin page saying since Dec 2016 it is no longer updated. I expect likely denial of service attacks are involved.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab
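
The point made in this part of the thread (a message from a compromised mailbox passes SPF, DKIM and DMARC, so only link reputation or body scanning can flag it) as an added example, not code from any poster. The sample message, host names and the `BAD_HOSTS` list are constructed placeholders standing in for a real reputation feed.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample: every authentication check passes because the mail was
# sent from a real, compromised mailbox. All names are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=supplier.example;
 dkim=pass header.d=supplier.example; dmarc=pass header.from=supplier.example
From: Accounts <accounts@supplier.example>
To: customer@example.org
Subject: Invoice 1042
Content-Type: text/plain; charset="utf-8"

Your invoice is ready: http://invoices.bad-host.example/view?id=1042
Our website: https://www.supplier.example/
"""

# Constructed stand-in for a URL reputation feed.
BAD_HOSTS = {"bad-host.example"}

def auth_results(msg):
    """Return e.g. {'spf': 'pass', ...} parsed from Authentication-Results."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))

def flagged_urls(msg, bad_hosts):
    """Return body URLs whose host is, or is a subdomain of, a listed host."""
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    hits = []
    for url in re.findall(r"https?://[^\s<>]+", body):
        host = (urlsplit(url).hostname or "").lower()
        if any(host == b or host.endswith("." + b) for b in bad_hosts):
            hits.append(url)
    return hits

def classify(raw, bad_hosts=BAD_HOSTS):
    """Report the header verdict and the link verdict separately."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    authenticated = bool(auth) and all(v == "pass" for v in auth.values())
    urls = flagged_urls(msg, bad_hosts)
    return {"authenticated": authenticated, "flagged_urls": urls,
            "verdict": "spam" if urls else "deliver"}

if __name__ == "__main__":
    print(classify(SAMPLE))
```

With an empty reputation list the same message is delivered, which is why authentication results alone are not a safety signal.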

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Convincing fake invoice
« Reply #21 on: March 07, 2017, 07:11:38 PM »

I wonder if social network technology could be used to fight spam. If you form a group with your trusted friends, then one person gets some spam, you have it uploaded to a server, original headers and all, then content- and meta-data-based deductions are made based on it for look-alike spam matching and all of your friends get the new spam-matching db rule sent to their mail servers, or you blacklist an email address or domain or regex and publish that to your friends. So it's a rule-sharing system.

A variant that would work for non-trusted groups would be a vote-based system, but only if identities are checked and strict measures can be implemented to prevent false blacklisting for malicious purposes by creating a large number of bogus users or having bots as users. It would have to be a network of trust relationships possibly. One good thing would be to encourage users to separate out "simply unwanted" mail that is not truly spam in the legal sense of UCE or whatever but is an annoyance to them personally, vs true spam vs malicious email. There would have to be a lot of blocks against malicious or simply unwise blocking based on databases that are constantly updated to protect the system. For example, we don't want someone to block the entire house.com domain because they received a nuisance email from HP that might or might not technically qualify as true spam, it is just damned annoying, user never signed up for it, or can't remember having done so, maybe it's sneaky small print or literally illegal. But in that case we don't permit something that broad because "domain=*.hp.com" is on a whitelist (non-spammer _organisations_) but an email address-specific or content-matching blacklist rule would be allowed for that particular email. Perhaps someone has already done this.
Logged
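
One way the safeguards in the rule-sharing proposal above could be checked before a rule is published, as an added example that is not part of the original post. The rule format, the `review_rule` and `overlaps` names, the user ids and the vote threshold are all assumptions made for illustration.

```python
# Constructed data: the post's whitelist example and an assumed vote threshold.
ORG_WHITELIST = {"hp.com"}   # non-spammer organisations, never blocked wholesale
MIN_VOTES = 3                # assumed number of distinct verified voters required

def overlaps(rule_domain, org):
    """True if a domain rule would cover a whitelisted organisation's domain."""
    d = rule_domain.lower().lstrip("*").lstrip(".")
    # An empty remainder means the rule was "*" or "*.", which covers everything.
    return not d or d == org or d.endswith("." + org) or org.endswith("." + d)

def review_rule(rule, voters, verified):
    """Decide whether a proposed shared blacklist rule may be published.

    rule     -- {"type": "domain" | "address" | "content", "value": str}
    voters   -- ids of users who reported the mail (may hold duplicates or bots)
    verified -- ids whose identity has been checked
    """
    if rule["type"] not in ("domain", "address", "content"):
        return False, "unknown rule type"
    # Only distinct, identity-checked voters count, so bogus accounts add nothing.
    if len(set(voters) & set(verified)) < MIN_VOTES:
        return False, "not enough verified votes"
    if rule["type"] == "domain":
        for org in sorted(ORG_WHITELIST):
            if overlaps(rule["value"], org):
                return False, "too broad: covers whitelisted " + org
    return True, "accepted"

if __name__ == "__main__":
    verified = {"ann", "bob", "cat", "dan"}
    votes = ["ann", "bob", "cat"]
    print(review_rule({"type": "domain", "value": "*.hp.com"}, votes, verified))
    print(review_rule({"type": "address", "value": "offers@mail.hp.com"}, votes, verified))
```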

renluop

  • Kitizen
  • ****
  • Posts: 2445
Re: Convincing fake invoice
« Reply #22 on: March 07, 2017, 10:55:47 PM »

Has anybody seen this?
Logged

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Convincing fake invoice
« Reply #23 on: March 07, 2017, 11:08:58 PM »

Wow.
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3143
Re: Convincing fake invoice
« Reply #24 on: March 07, 2017, 11:46:52 PM »

Quote
Has anybody seen this?


Hmm, I wonder if The Gruniad has fallen for a trick here.  Following that link, which is to The Guardian...

Quote
According to security researchers at MacKeeper

MacKeeper is one of these packages that, whilst technically legal, often seems to get installed unexpectedly on the back of either some unrelated package, or as part of a bigger malware bundle.  It then starts warning about doom and gloom about to befall OS X, even though the only risk is from the malware that slipped in alongside MacKeeper.

I personally would not trust anything that they have to say.
« Last Edit: March 08, 2017, 12:39:14 AM by sevenlayermuddle »
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3143
Re: Convincing fake invoice
« Reply #25 on: March 08, 2017, 12:24:01 AM »

See more here re MacKeeper.

https://blog.malwarebytes.com/puppum/2016/08/pup-friday-mackeeper/

It's all a bit near the knuckle for me as I (/we) were bitten by exactly that OS X malware attack just last week.  As above, I found MacKeeper and another malware bundle were the root of the symptoms, and both had gained access to the system on the back of a bogus Flash update. See my post

http://forum.kitz.co.uk/index.php/topic,19430.0.html

Logged

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 7km ADSL2; IPv6; Firebrick
Re: Convincing fake invoice
« Reply #26 on: March 08, 2017, 01:38:56 AM »

I'm afraid I would never buy an OSX box. Done a really good job of scaring me off there. iOS - yes.
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3143
Re: Convincing fake invoice
« Reply #27 on: March 08, 2017, 03:05:51 AM »

Quote
I'm afraid I would never buy an OSX box. Done a really good job of scaring me off there. iOS - yes.

That is your choice, but hopefully not made just because The Guardian may have been fooled into publishing a story about email spam, from a source that I associate with malware and would not trust.   You can't blame that on OS X?

Personally, I still feel much safer with my Mac than either Windows or Linux boxes.   The malware in question tricked the user into responding to a prompt to manually install it, authenticating by password, unlike Windows malware that usually gets in totally unseen via some underlying OS vulnerability.
Logged

renluop

  • Kitizen
  • ****
  • Posts: 2445
Re: Convincing fake invoice
« Reply #28 on: March 08, 2017, 07:03:46 AM »


Quote
Hmm, I wonder if The Gruniad has fallen for a trick here.  Following that link, which is to The Guardian...

MacKeeper is one of these packages that, whilst technically legal, often seems to get installed unexpectedly on the back of either some unrelated package, or as part of a bigger malware bundle.  It then starts warning about doom and gloom about to befall OS X, even though the only risk is from the malware that slipped in alongside MacKeeper.

I personally would not trust anything that they have to say.

FWIW also here.
Logged

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3143
Re: Convincing fake invoice
« Reply #29 on: March 08, 2017, 06:02:22 PM »

When it comes to spam email lists, I strongly suspect the main culprits are the individuals themselves, not being sufficiently defensive.

This afternoon I bought some stuff in Halfords.  At the till, they were asking people if they had an email address "for the receipt".  The correct answer is, of course, "I do have an email address but I am unwilling to tell you what it is".  Unsurprisingly though, the three people in front of me in the queue meekly complied, without even asking any questions about privacy policies.

That was the third time this week I've been asked for an email address, others were at a railway station when buying a travel card, and at an opticians having an eye test.  Same answer each time, "I am unwilling to tell you...".   Companies  would not be harvesting email addresses unless they planned to spam you with reminders or special offers or, worse, to sell your email on to other spammers.  And even if they don't sell it on, a rogue employee might raid the list and sell it, or their servers might get hacked.   

I must be doing something right because I have been using exactly the same private email since 1999, yet the spam count for the last 30 days stands at just 10 messages.  Not too bad, really.  ;)
« Last Edit: March 08, 2017, 06:21:56 PM by sevenlayermuddle »
Logged