How can a phishing attack possibly work with e-mail filtration?


  1. Posts : 218
    Windows 7 Home Premium x64
       #1


    With all of the awareness today of malware, free anti-virus programs, and aggressive email filtering, it would seem that only the careless or ignorant would manage to get their computers infected.

    But phishing still seems to be the most popular way to get an infection. Someone gets an e-mail from their banking institution, with a link to click on and a request to attend to some matter there, but the link goes to a malicious website that mimics the trusted institution website. The elderly must be the most vulnerable to this, as they won't be as sharp to scrutinize such communication. Then there's also the matter of a favorite website becoming infected, to attempt deception while you're visiting it, but I imagine that this is quite rare.

    But isn't e-mail filtration strong enough now that the e-mail MUST come from the bank's trusted domain? Anything that doesn't match goes to the spam folder. Or, have hackers come up with a way to make an insertion into the e-mail stream such that their e-mail header will contain the proper routing information from the bank's domain? I just don't get how phishing should still be so effective at creating infections.

    Incidentally, there's a UC Berkeley research paper on the subject that is rather interesting: Why Phishing Works


  2. Posts : 1,442
    Windows 7 Professional 64bit
       #2

    You can't fix stupid.

    I think the only way to slow it down is to educate everyone, not just the elderly. Tell them that if they get an email from a bank, delete it and go to the bank in person to ask about the email. The same goes for other emails, just delete them.
    You would need filters set up to delete these types of emails.


  3. Posts : 5,092
    Windows 7 32 bit
       #3

    Likewise, if you get some communication from an outfit where you have an online account that looks like it could be legit, don't go through a link in the email. Just browse to your account online and log in. If something is really going on, there should be a notice you can read there.


  4. Posts : 2,468
    Windows 7 Ultimate x64
       #4

    Most people don't care at all about security, that's it. They just want to click a link and make something work, and don't look into the details that reveal a phishing attack.
    That's why many banking sites send the mail "We don't ask for personal info by email, don't click any link", but really many people don't care about that.

    Common sense should be the very first line of defense, and is THE most effective one. So antiviruses came along to try to fulfill that function.


 
