Wednesday, March 21, 2007

Phishing scams

So I gave the guy I'm training access to our spam filter here at work. Just a little background on the filter. We use a third party which we route all our mail through to scan it for spam and viruses. Suspicious emails are then put into quarantine. There is an option to allow users to release or delete the emails that are in their own quarantine folder. Knowing my users though, I know that most will release all emails, as they "may be important". So being the extra good admin I am, I set it up so that they don't get the email; I go through the quarantine folder myself. It's not like I have to open each person's folder, I have it set so all go into one folder. Even still, it's not a lot, about 150 a day for everyone (the spam filter has many levels, and most I have it auto delete, these are just the ones that might be spam but it can't rule out). So I go through them, and it's pretty easy to notice which are spam and which aren't. It takes maybe 10 mins. out of my day so I'm ok with it.

Well, I need to train the new guy (there's only me and him for the company in the IT department). So today was his first day with handling the filter himself. I figure spam is a pretty straightforward thing, you can tell just by looking at the from address and the subject line fairly quickly if it's spam or might be legit. You delete all the ones that you know are and then scrutinize further the ones that look like they might be good, or false positives as they're termed.

Well, he saw a phishing email (you know the ones, your "bank" is sending you an email stating your account is expired or your password is expired and you need to click on the link below to re-activate it) and thought this is legit and released it. Well, it must have had a bunch of people in the "to" field because I get emails from about 5 people in about 5 mins asking "what's this email about". These are my good users. If something doesn't look right, they email me or call me on it before proceeding.

I am confused by the email. Surely our spam filter should have caught this email. So I investigate, and lo and behold, it did catch it. I ask the new guy, "do you know what a phishing scam is?", nope. He's a new guy, so I explain. I then have to explain to my manager that no, we don't need to put a specific block on for this email, that our filter did catch it, it just was released by accident by us, and it won't happen again. Then I have to write a big email to send to everyone, "If you see this email, just ignore it and delete it". It's a good time again to send a little reminder to everyone too, that this is what a phishing scam looks like and that this is what it's intended for. Made for an interesting morning with one of our Terminal servers going down (kind of) again. But that's for another post.
