Spear phishing

It’s been about a year since people started publicly talking about spear phishing attacks against ESPs and major emailers. There was a lot of energy put into talking about how to protect against future attacks. I have to wonder, though, how much of that talk translated into action?
What processes do you have in place to protect your company against attacks?
If you’re at an ESP, do you have the ability to scan your outgoing stream for keywords or domains?
If you’re a brand, have you implemented restrictions on which employees have access to your databases?
What have you done since the last set of attacks? Are you vulnerable if new attacks start?
More information on ESP attacks:
Be on the lookout
Time for a real security response
Email attacks

Everyone's a lawyer
DKIM is Done

Related Posts

Return Path Changes certification standards

Return Path recently announced changes to their certification program. They will no longer be certifying 3rd party mailers.

Read More

Be on the lookout

I’m hearing more rumors of ESPs seeing customer accounts being compromised, similar to what happened with The Children’s Place.

Read More

First spam to Epsilon leaked address

This morning I received the first two spams to the address of mine that was compromised during the Epsilon compromise back in April. Actually, I received two of them. One was the “standard” Adobe phish email. The other was similar but referenced Limewire instead of Adobe.

Read More