A new level to spearphishing


A recent story on slashdot brought this to my attention and we have archived it in the social engineer archives under the new and improved spear phishing attacks section.

What struck me as interesting about this story that made me rush over here to type this up at the worst time to release a blog post on earth was the way that these attacks are being “made new”.

Heck, most intelligent IT Admins won’t click on the link to “See Britney Naked” or “Adjust your Bank of America Account” because they know it is phishing.

But comes in the “new and improved shiny phishing”. These social engineers have done their homework. They have the names of IT Admins, they have the names and details of current projects and other information that makes the emails very believable. But it doesn’t stop there, this is the part that will make you stand up and pay attention. They are not asking for a link to be clicked or a file to be run or a website to be visited…. they are merely asking for the admin to change some configurations to their servers. These changes would allow their mail servers to be used for spamming, or open up some other vulnerability in their servers.

Take a look at one such email:

Dear Valued Customer,

We are pleased to announce the go-live date for a new Data Center, scheduled to go live on April 19, 2010.
Please update your firewall rules to allow SMTP traffic on port 25 from the following IP address ranges:xxx.xxx.xxx.xxx/xx (xxx.xxx.xxx.xxx – xxx.xxx.xxx.xxx)xx.xxx.xxx.xx/xx (xx.xxx.xxx.xx – xx.xxx.xxx.xxx)

If you have settings on your e-mail server which control the IPs which are allowed to connect for e-mail relay please confirm that those settings are updated as well.

We will be able to test and verify connections one week prior to April 19, 2010. Additionally, we will be proactively running connection tests prior to the launch on behalf of all customers, and contacting you directly if we are unable to connect to any of your domains from ALL specified IP addresses for that domain.

Prior to the launch of the new IP addresses, we recommend that you set up and configure the Deferral Notification alerting feature for your domains using the Deferral Notification option on the Domain properties page in the Admin Center. The Deferral Notification alert feature sends a message to you when a customized threshold has been met or exceeded for deferred e-mail in your domain. After the new IP addresses are launched, this feature will help to ensure that e-mail sent to your domains is not deferred because of unsuccessful connection attempts to your network, and that you alerted in the event that e-mail is being deferred beyond your acceptable limits. For more information on how to set up the Deferral Notification alert feature, see the Admin Center Guide in the Resource Center.

Please refer to the Configuration subtab of the Administration Center for a complete list of IPs which should be allowed to connect to your environment at any time.

An unsuspecting admin would and they ARE falling for this wreaking havoc on networks all over.

Until next time….

Forget Big Brother…. We Have High Schools


Basically the gist of the story is that a school in Philadelphia USA issues laptops to their students. One day Little Blake Robbins goes to school and is slapped with a “improper behavior in his home” disciplinary action.

The Importance of Information Gathering


Our friend and contributor Matt was kind enough to put into writing a few stories from his law enforcement days. This excellent example shows how important it is to pay attention to the little details when information gathering. Sometimes the littlest details can make or break the story…..

Social Engineering in the news


It brings to light some very interesting facts…. malicious social engineers are looking at what is “bothering” people and then offering information and/or solutions if “you just click here.” Everything from money help for the economic woes people are experiencing right down to cures for the H1N1 Virus. It makes a further valid point, that the users are the ones who are to blame.

Ask The Social Engineer


Do you have questions you want answered from a social engineer, about social engineering or learning how to become a social engineer? Send them in and we might just use yours for the next column.