"Drop box" phishing


"Drop box" phishing

Nick Thompson

Did anybody else get the message, subject line “Hurray! You’ve got a file in Dropbox”, and signed by the “drop box team”?

It made me rethink the adage “A fool is born every day.” I used to think it meant that there are lots of us fools around. Now I realize that it means, “A fool is a person who approaches each day with profound innocence.” Hmm! Maybe I like fools. Anyway, I didn’t click on the link.

Did anybody else come close?

Nick

Nicholas S. Thompson
Emeritus Professor of Psychology and Biology
Clark University
http://home.earthlink.net/~nickthompson/naturaldesigns/


============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/ by Dr. Strangelove

Re: "Drop box" phishing

Barry MacKichan

No, but the phishermen are getting better and better all the time. In some cases, I have to look at the message source, for email, to check what the real URLs are for the links. I see a lot from the .ru domains. I don’t really see how people can avoid these scams without a trove of knowledge that we used to consider ‘geeky’.

--Barry


On 22 Mar 2017, at 9:32, Nick Thompson wrote:

> Did anybody else get the message, subject line “Hurray! You’ve got a file in Dropbox”, and signed by the “drop box team”?
>
> It made me rethink the adage “A fool is born every day.” I used to think it meant that there are lots of us fools around. Now I realize that it means, “A fool is a person who approaches each day with profound innocence.” Hmm! Maybe I like fools. Anyway, I didn’t click on the link.
>
> Did anybody else come close?
>
> Nick
>
> Nicholas S. Thompson
> Emeritus Professor of Psychology and Biology
> Clark University
> http://home.earthlink.net/~nickthompson/naturaldesigns/


Re: "Drop box" phishing

gepr

It seems like someone could make it sufficiently easy to isolate the highest risk interfaces in a VM or container.  E.g. rather than double-clicking on a native email app (or web browser) to read your email, you'd double-click on a native host program that launches a container for the email app (or web browser).  Then you contain the infection (or ransomable content) within the container.  Of course, that assumes two things: 1) a staged backup of the container image and 2) an easy path to purposefully move valid data out of the container and into the rest of your work environment.

Sure, data that looks valid could still creep out.  But it would help with those "uh-oh, I clicked on the wrong thing" episodes.  Here are several containers one could use:

  http://linoxide.com/how-tos/20-docker-containers-desktop-user/

It seems so obvious, either I'm missing something significant or such a convenience already exists somewhere.  Perhaps here:

  https://bufferzonesecurity.com/product/how-it-works/

But that seems very "enterprisy" or "sledgehammery".  I'd think one could do a personal version merely with a little clever scripting.


On 03/22/2017 12:44 PM, Barry MacKichan wrote:
> No, but the phishermen are getting better and better all the time. In some cases, I have to look at the message source, for email, to check what the real URLs are for the links. I see a lot from the .ru domains. I don’t really see how people can avoid these scams without a trove of knowledge that we used to consider ‘geeky’.

--
☣ glen


Re: "Drop box" phishing

Barry MacKichan
What you say is reasonable, especially since I’m frequently running
VMs anyway. For now, a simple rule for me is that nobody can send me a
Dropbox file without first sending an email personally or calling me on
the phone. Simple and it works.

--Barry


On 22 Mar 2017, at 14:25, glen ☣ wrote:

> It seems like someone could make it sufficiently easy to isolate the
> highest risk interfaces in a VM or container.  E.g. rather than
> double-clicking on a native email app (or web browser) to read your
> email, you'd double-click on a native host program that launches a
> container for the email app (or web browser).  Then you contain the
> infection (or ransomable content) within the container.  Of course,
> that assumes two things: 1) a staged backup of the container image and
> 2) an easy path to purposefully move valid data out of the container
> and into the rest of your work environment.
>
> Sure, data that looks valid could still creep out.  But it would help
> with those "uh-oh, I clicked on the wrong thing" episodes.  Here are
> several containers one could use:
>
>   http://linoxide.com/how-tos/20-docker-containers-desktop-user/
>
> It seems so obvious, either I'm missing something significant or such
> a convenience already exists somewhere.  Perhaps here:
>
>   https://bufferzonesecurity.com/product/how-it-works/
>
> But that seems very "enterprisy" or "sledgehammery".  I'd think one
> could do a personal version merely with a little clever scripting.
>
>
> On 03/22/2017 12:44 PM, Barry MacKichan wrote:
>> No, but the phishermen are getting better and better all the time. In
>> some cases, I have to look at the message source, for email, to check
>> what the real URLs are for the links. I see a lot from the .ru
>> domains. I don’t really see how people can avoid these scams
>> without a trove of knowledge that we used to consider ‘geeky’.
>
> --
> ☣ glen

Re: "Drop box" phishing

Owen Densmore
Administrator
In reply to this post by Barry MacKichan
On Wed, Mar 22, 2017 at 1:44 PM, Barry MacKichan wrote:

> No, but the phishermen are getting better and better all the time. In some cases, I have to look at the message source, for email, to check what the real URLs are for the links. I see a lot from the .ru domains. I don’t really see how people can avoid these scams without a trove of knowledge that we used to consider ‘geeky’.

Agreed: certainly check the domain name, and any links that are in the email. Lots of email has a name w/ amazon, say, but the domain is amazon.support.phony.com.

Boy is this getting old. What used to be useful is now threatening!

   -- Owen


Re: "Drop box" phishing

gepr
In reply to this post by Barry MacKichan

Yeah, I can see that if you've curated your network of people.  But I end up having to work with a network that's insufferably incuratable (including grad students who are worked to exhaustion and busyness people who can't be bothered to learn the tools they use).  If I tried what you do, I'd miss ~30% of the artifacts that are traded.

My augmentation to your process is simply to do a 2-step check on whether the corporate notification (DropBox, Google Drive, etc.) that appears in my email is also reflected in the notification box of the normal "console" for the web application (see attachment if it goes through).  If I don't recognize anything about either the email or the notification, then I won't "view" it.

It's the same process we all (should) go through for notifications from banks or credit cards... don't click on the email, go to the official page and login normally, then look for any new notices or messages.


On 03/23/2017 08:31 AM, Barry MacKichan wrote:
> What you say is reasonable, especially since I’m frequently running VMs anyway. For now, a simple rule for me is that nobody can send me a Dropbox file without first sending an email personally or calling me on the phone. Simple and it works.

--
☣ glen


Attachment: Screenshot from 2017-03-23 09-03-34.png (24K)