North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ISP phishing

  • From: Robert Boyle
  • Date: Tue Jun 28 19:34:26 2005

At 05:17 PM 6/28/2005, Mark Tombaugh wrote:
On Thu, 2005-06-23 at 09:54 -0400, Robert Boyle wrote:
> we enabled a global rule which blocks
> any email from accounts such as billing, root, postmaster, antivirus,
> abuse, security, etc. which don't originate from our management IP space
> where our people work. As a result, we have stopped these phishing scams
> for our users dead in their tracks.

You sound so sure about that... Am I missing something?

From: E-gold Safeharbor Department <[email protected]>
Subject: Attention! Your account has been violated!

From: "SOUTHTRUST" <[email protected]>
Subject: SouthTrust Bank: important account notification

We have stopped the phishing which looks like it is from us( Not from "their" bank, paypal, ebay, credit card companies, etc. Our main concern was with messages which looked like they were from [email protected] telling people there was a problem with their email and they have to run this file or a problem with their account payment from [email protected] and the details were in the attached file. To the novice user, it may look legitimate since we are their ISP and with that comes a certain amount of trust - despite the fact that we would never send files to our customers and tell them to run them. However, the spoofed messages from us have completely stopped now. The regular phishing scams continue, but SPF does help with this if the customers have turned it on for their account. Unfortunately, the customers smart enough to turn it on usually won't be suckered by phishing scams in the first place.


Tellurian Networks - The Ultimate Internet Connection | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin