On 03/06/2022 11:13, Carlota Iglesias Martinez via mailop wrote:
> I have managed to find that “Heuristics” refers to the fact that they
> are coming from a financial institution and ‘SpoofedDomain’ means that
> they contain hyperlinks that are not known to be associated with the
> organization and may be a phishing attempt. I can’t find any suspicious
> links on the email content.

I think you have to remember that without DMARC, it is very easy to send
email from bongosbank.com with links pointing to a scam site. And
people click these links, because they come from a trusted source :)
(People even forward these scam emails to their PAs and say `can you
sort this for me?`)

So at work we run ClamAV with the securiteinfo.com extra signatures.
And rspamd.

And financial companies (our banks) give us the most trouble. PDFs with
JavaScript. Word docs with weird macros. Emails with links that point to
really crazy domains. All usually something to just print, fill in and
send back in snail mail.

And second of all, the banks are most upset when they get a call back
saying `We didn't get your email`, `oh, I checked with IT and what you
are emailing definitely looks like a virus`. It's always our fault and
they are always very defensive. And we end up whitelisting them because
otherwise we can't operate because we need flowing money, thus opening
the door to real scammers.

Yet the banks are emailing us every week saying `watch out for phishing
attempts`. I'd counter that they just need to make their IT more plain
and simple with way less tracking, which would benefit security.

And this is before we get onto:
10 different marketing click tracking, pop up loading, lots of
JavaScript from 8 different domains/CDNs in a simple website.

Tim