Hi, On Thursday 05 October 2006 13:27, ken wrote:
Per Jessen wrote:
Jim Flanagan wrote:
I'd like some advise on how to handle worm and phishing emails coming to one user on my postfix server. For about 3 weeks now, Clam-AV is advising that emails have been detected and not delivered due to them containing a worm. In this case it is Worm.Mydoom.M. About 8 to 10 a day are arriving, with ClamAV advising that the trace is to 2 different IP addresses. Ripe shows both to be registered thru an outfit in Paris (La Defense).
....
A few times I've forwarded the email to the bank, to their "abuse" userid, e.g., abuse@target-bank.com and have gotten some "thank you" replies from them.
The ISP might not care, but the banks do, especially the security team who's going to reap the sweat and overtime if something goes wrong. And the bank has the legal know-how and clout with authorities to make something happen.
I will reiterate this. The offender is to be ignored by those who recognize the phishing attempt. On the other hand, any responsible e-commerce or e-finance institution will welcome these reports. Don't expect a gift certificate, but they will be accepted and examined. Those that are repeats will, as with bug reports, be treated as such, but when a new one arises, it will be examined and added to their database of known phishing attacks. I know my employer takes these reports very seriously and has elaborate procedures in place to process them. Employees are expected to report phishing attacks against us when we happen to receive them, either at our personal email address or at our business addresses. Randall Schulz