[sniffer] Spam Question

2005-05-15 Thread Computer House Support



Dear Pete,

Does anyone look at the mail that is forwarded to [EMAIL PROTECTED], or is it a 100%
automatic process?



Thank you,

Michael Stein
Computer House
[EMAIL PROTECTED]

www.computerhouse.com


Re[2]: [sniffer] Spam Question

2005-05-15 Thread Pete McNeil
On Sunday, May 15, 2005, 8:07:30 PM, Computer wrote:

CHS Thanks for the info.  That would explain why my questions were not replied
CHS to.  Thought no one was checking.  I will resume sending spam.

CHS Can you explain what you meant by:   This is to prevent any kind of social
CHS engineering that might be attempted.

Contrary to popular belief, most important security violation hacks
are based on social engineering rather than technical means (spyware,
breaking firewalls, worms, etc). Since it is very important that our
services remain secure, we implement a number of protocols to prevent
ourselves from being tricked by social engineering.

A well known example of social engineering these days is the phishing
spam --- the message appears to be from your bank, which you trust,
and so when your bank asks you to refresh their memory about your
information you are tricked into giving it to them --- that is, unless
you are hep to the scam.

Similar scams happen all the time in larger support organizations
where a fake technician or user might call in to support, pretend to
be one of the guys and ask for a quick password reminder or some
other important technical tidbit. Often enough this stranger
pretending to be a friend will walk away from the phone call with the
password or technical detail they want -- then they can gain
access to the system at their leisure.

Along these lines, if someone pretending to be one of our users asks
us a question in a spamtrap then we will ignore that content - just in
case it is some black-hat trying to trick us.

Another aspect of this protocol is that it helps us avoid false
positives -- if the text appears to be a legitimate technical question
to anyone then by definition it is not spam so we will skip it
(unless we notice a trend...)

Similarly - our false positive process includes software and
procedures that check the authentication of the sender to verify that
they are really a customer before we respond with any potentially
secure information.

Hope this helps,

_M




This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html