On Jun 20, 2014, at 9:31 AM, Steve Atkins via dmarc-discuss 
<[email protected]> wrote:

> 
> On Jun 20, 2014, at 8:45 AM, Brian Westnedge via dmarc-discuss 
> <[email protected]> wrote:
> 
>> Here's a simple use case for a spear-phisher where DMARC could be effective 
>> on the inbound:
>> 
>> 1. Phisher targets a specific exec at bigbank.com
>> 2. Phisher sends fake FedEx tracking email from fedex.com (p=reject) to 
>> exec's admin with a note from exec for admin to track a shipment that has 
>> been ordered  
>> 3. Assuming DMARC is not being checked on the inbound, Admin clicks 
>> malicious tracking number link, credentials are stolen, breach ensues 
>> 
>> The above does of course assume that the phisher is either not familiar with 
>> DMARC, or thinks that it won't be checked by a B2B entity like bigbank.com.
> 
> Right. Any approach that's predicated on the assumption that someone behind a 
> spear-phishing (or other "APT"-esque) attack is stupid and/or unaware of 
> generally known anti-phishing approaches is probably flawed. As is any that 
> assumes that once the spear-phisher sends one email that bounces they're 
> going to just give up on that target and move on.
> 
Your logic is flawed, because you imply that therefore DMARC is useless in 
fighting spear-phishing. The next conclusion is that all anti-spam techniques 
are useless, because they don’t solve spam as a whole…

Spear phishing nowadays is not that targeted and is usually stupid and 
extremely effective. Once they are obliged to use a non-DMARC-protected domain, 
it becomes easier to spot.

DMARC is only a tool that closes a specific hole; you need to close the other 
holes, so you can manually watch the few that are left...

Oh, and data has shown that they are indeed moving on to non-DMARC-protected 
domains...

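Added example, not code from anyone in this thread: a minimal receiver-side DMARC evaluation for the fedex.com (p=reject) use case above. It assumes a constructed in-memory table in place of the `_dmarc` DNS TXT lookup, a simplified organizational-domain rule instead of the Public Suffix List, and SPF/DKIM results already computed upstream; it shows the spoof being rejected when DMARC is checked inbound, and a domain with no DMARC record producing a distinct "no-policy" outcome that a receiver can route to manual review.

```python
from dataclasses import dataclass

# Constructed stand-in for DNS: TXT record published at _dmarc.<domain>.
DMARC_RECORDS = {
    "fedex.com": "v=DMARC1; p=reject; adkim=r; aspf=r",
}

@dataclass
class AuthResults:
    from_domain: str   # RFC5322.From domain, the one the recipient sees
    spf_pass: bool
    spf_domain: str    # RFC5321.MailFrom domain that SPF was evaluated for
    dkim_pass: bool
    dkim_domain: str   # d= of a passing DKIM signature, "" if none

def org_domain(domain: str) -> str:
    # Simplified organizational domain: last two labels. A real
    # implementation consults the Public Suffix List (assumption).
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def parse_record(txt: str) -> dict:
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    # Strict alignment ("s") needs an exact match; relaxed ("r") needs
    # the same organizational domain.
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(r: AuthResults) -> str:
    """'pass', the published policy ('reject'/'quarantine'/'none') when
    authentication fails, or 'no-policy' when no DMARC record exists."""
    txt = DMARC_RECORDS.get(org_domain(r.from_domain))
    if txt is None or not txt.startswith("v=DMARC1"):
        return "no-policy"
    tags = parse_record(txt)
    spf_ok = r.spf_pass and aligned(r.spf_domain, r.from_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_pass and aligned(r.dkim_domain, r.from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")
```

A "no-policy" result is the case the thread calls easier to spot: the sender had to fall back to a domain that publishes no DMARC record, so the receiver can treat those messages as the small set to watch by hand.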
