Monday, May 11, 2009

Reseller in Paris


Sometimes this is a tough job. Here is Allison Cote meeing Jean-Pierre Venancio at  Fouquet's Restaurant on the Champs-Elysees in Paris.

For the record, Jean-Pierre's company, Activweb.fr after an excellent cafe at Fouquet's, decided to be our Hosted SpamSentinel partner in France.

Monday, February 2, 2009

Nobody's Perfect (not even Google)

In a rolling perfect storm of errors, in one day Google marked all websites as bad 

and, in conjunction with that marked all mail as spam.


Being in the business, I feel for them, as it was a regular update gone awry that caused the problem. I am sure no one in that group slept over the weekend. I think we don't realize how good all this spam and Malware blocking is. The state of the art has gotten so good that we all take it for granted. I certainly do. When the defenses come down, the continuous barrage of junk becomes apparent to us (to our dismay). 


In my own moment of insanity, I tried shutting down our own internal spam filters for one day only, to experience the pain. Unfortunately, I quickly shut the experiment down after only one hour when I discovered that no one at Maysoft.com was particularly fond of feeling the pain or receiving all of their spam. Where is their sense of adventure?

11:00 AM and we're off...the "World Without Spam Filters" test begins

11:21 AM
21 minutes into the test, my Lotus Notes Inbox is being flooded. Here is a snapshot:

11:38 AM
Blackberry users are complaining about the spam. Allison Cote wants to know what is happening. She had to leave her Blackberry and delete a bunch of messages from her Inbox. My test is distracting her, and others, from their work.

11:42 AM
I am checking mail1.box and mail2.box. There are 3,341 messages in one, and about the same number in the other. The router is going crazy trying to send some of these back to the senders as delivery failure reports. Aaaargh... this is worse than I thought.

11:46 AM I have to stop this test early. The amount of pain everywhere is too much. I am turning on the SMTP mail filter now as the only prudent course of action. 

(Read about the full text at A World Without Spam Filters)



Google did for the entire world what I could only do for people internally: Re-awaken them to the value and necessity of a good spam filter.






Official Google Blog: "This site may harm your computer" on every search result?!?!

Official Google Blog: "This site may harm your computer" on every search result?!?!

Tuesday, January 6, 2009

Trust and Social Networks: The New Frontier of Phishing

Twitter recently being hacked Twitter Blog: Gone Phishing is just the latest example of Spear Phishing. Luring someone in based on a common affiliation.

Lately, a new technique, predicted by the University of Indiana talks about gaining the trust of the recipient by putting recognized names and other familiar details into the email body. This makes the email look "genuine" and significantly increases the chance that the recipient will act on the message (the action rate increases 5 times over a "normal" Phishing scam, according to the study).

Social Phishing is a type of highly targeted "spear Phishing" attack that could be made on a few thousand people with high success rates. The University of Indiana study showed a 74% response rate. The control group has a 16% response rate. Correcting this for the typical 3% control response rate (university students are more trusting or less risk averse than the population at large), gives a success rate of about 12%, which would be very productive for the Phishers.

In the on-line world, Phishing has been very successful (for the Phishers). But users are becoming much more savvy, so they are not getting "hooked" as much. For example, the Nigerian email scam is laughably lame now. I have to believe they continue these out of habit, like a dog barking to get a bone. People recognize the fact that there is no personal information in the email. That is the main flaw with "generic" Phishing attacks.

Lotus Notes User Network Penetrated
Fast forward to today. Take the Lotus users' various networks. Searching PlanetLotus.org, various blogs and the IBM Notes/Domino 8 Forum would enable anyone to find many names, and quickly identify the popular names based on the number of times it is mentioned. Without a lot of work, you could build a web of connections to be able to pretend to part of the network, or pretend to be referred by someone you know. (A friend of a friend).

That is how Bernie Madoff (pronounced Made-Off, which in English means "to steal") worked his Ponzi investment scheme. Trust. People trusted him because other people trusted him. That is how the "confidence" game works.

Once a network is penetrated, it will be pretty easy to get users to act on emails. Crafting an email would be easy. Even a non-Notes users could take a blog or forum posting from an individual who is frequently mentioned and use it to simulate subject matter expertise. Finishing it off with a request or other action and you have a powerful tool for fraud.


An Email "from" Volker Weber
To penetrate a community, a Social Phishing attack would start by spoofing the name most often mentioned in our Lotus Notes world. Based on PlanetLotus.org's list of Hits in the last 20 days the person most likely to be spoofed would be Volker Weber. Using his name means trust. So, I did what a Social Phisher would do and grabbed a blog posting from Volker's blog to create an example of how said Social Phisher could infiltrate a community and wreak havoc. For simplicity, I shortened it, but it can be seen in its entirety on vowe.net

I then fabricated a plausible story around the blog posting. A real attack would weave real details relating to Lotus Notes with false information or Malware links. I wrote the additions to the blog posting in red, for demonstration, but the Social Phisher would not be so kind to point out the Phishing section!

(Note: This is just a demonstration email. It was not written by Volker. You could take any Lotus Notes or Domino blog and do the same, targeting users in that space, especially those, like me, who freely post their email addresses on-line).
From: volker@vowe.net
To: frank_paolino@maysoft.com
Subject: Winners of the 2009 Lotus Awards


Winners of the 2009 Lotus Awards
by Volker Weber
Best Industry Solution
1. Winner: e-On Integration S.A.
2. Finalist: iEnterprises
3. Finalist: Ascendant Technology
Best Lotus Energy and Environment (Green) Award
1. Winner: KLG Systel, Ltd.
2. Finalist: Alphalogix
3. Finalist: Enterprise Information Management, Inc.
Best Mid-Market Solution Award
1. Winner: iEnterprises
2. Finalist: Pavone AG
3. Finalist: Nortel
...
...
...

Congratulations to all the winners! Click on the links to learn more about the winners and see these excellent Lotus Notes products!

Volker


Find me on-line at:
vowe.net

(these links are the actual links and are harmless.... those in a Social Phishing Attack would not be!)


A spoofed message "from" Volker Weber in this context would be likely to be opened. And the relevant, topical nature of the email would make it widely read.

In a Social Phishing scam, the links would really be Malware such as keyboard loggers. As such, they would be very helpful in gathering all types of information such as PayPal accounts, LinkedIn logins, etc. to continue the scam.

The point is that the Social Phishers are getting a lot smarter, using
context,
recognition
familiarity
to get people to read and act on the emails.


Like spam, these attacks prey on our open protocols (SMTP) and our open Lotus communities. I am not advocating any change in these community sites. PlanetLotus.org, the IBM Forum and all the Lotus Notes blogs are open, and should remain so.

But beware of emails from trusted sources. If you are not sure, reply and ask if they sent it. Do not give personal information in any link provided in an email. With all of these precautions, many of us will still fall prey to these scams.







Here is another blog about Spear Phishing:
Trust and Social Networks: The New Frontier of Phishing