catching phishers

“If you can make it clear what is to be rewarded and what punished, make your directives reliable, keep your machines in good repair, train and exercise your officers and troops, and let their strengths be known so as to overcome the opponent psychologically, this is considered very good.” -The Art of War, Chapter 3: Planning the Attack

The Muse (yeah, I’m stealing a concept from my days of writing… maybe I should call this my Geek Muse?) visits at some odd times. I saw a post on Security Renaissance about a new method of staying ahead of phishers, as posted on the F-Secure blog. For some reason, before I even clicked on the link, I quickly thought about a device in front of the spam filters that scans every email for links and compiles them all into a greylist. That way, when corporate users receive an email, any links in that email will already be either blocked or placed into a higher level of alert, perhaps on a web proxy.

For about 2 minutes I thought that was a cool idea, but then I did think about how many legitimate email links would get flagged. So maybe that is not so much a cool idea for a corporate network, but for a company whose lifeblood is email or email/spam/virus protection, a real-time catcher like that, along with human bodies evaluating the trends and the list of sites, would be valuable. You can’t always wait for the spikes in traffic or the reports from users AFTER they have received all the phishing emails and gone to those sites and turned their computer into a bomb. Either way, this is still reaction, just higher upstream than most people tend to react, and not technically prevention.
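To make the device concrete, here is an added toy implementation of the mail-side greylist and the proxy-side lookup; it is example code written for this page, not code from the original post or from F-Secure. The sender addresses, hostnames, the `KNOWN_GOOD` allowlist and the block threshold are all constructed or assumed for the demo, and the allowlist is the knob that addresses the false-positive worry above: links to hosts the organisation already trusts never enter the greylist at all.

```python
# Added example (not from the original post): a toy "link greylist" that sits
# in front of the spam filter, harvests every URL from inbound mail, and gives a
# downstream web proxy a verdict for each link. Hostnames, senders, thresholds
# and the KNOWN_GOOD allowlist are all constructed/assumed for the demo.
import email
import re
from collections import defaultdict
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Crude URL matcher, good enough for text bodies. Trailing punctuation is
# stripped below so "http://host/path." does not count as a distinct link.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Assumed allowlist: hosts the organisation knows are its own. This is what
# keeps legitimate mail links (HR, intranet, ...) out of the greylist.
KNOWN_GOOD = {"intranet.example", "example.com"}


class LinkGreylist:
    """Tracks which link hosts have shown up in inbound mail, and how often."""

    def __init__(self, block_threshold: int = 3) -> None:
        # Assumed policy: a host seen in this many separate messages is blocked;
        # anything seen at least once but below that is raised to "alert".
        self.block_threshold = block_threshold
        self.seen = defaultdict(lambda: {"count": 0, "senders": set()})

    def ingest(self, raw_message: bytes) -> list:
        """Record every link host in one message; returns the hosts recorded."""
        msg = email.message_from_bytes(raw_message, policy=policy.default)
        sender = msg.get("From", "")
        urls = set()
        for part in msg.walk():
            if part.get_content_maintype() != "text":
                continue  # skip multipart containers and binary attachments
            urls.update(u.rstrip(".,;:)") for u in URL_RE.findall(part.get_content()))
        hosts = set()
        for u in urls:
            host = (urlparse(u).hostname or "").lower()
            if host and host not in KNOWN_GOOD:
                hosts.add(host)
        for host in hosts:  # count once per message, not once per URL occurrence
            entry = self.seen[host]
            entry["count"] += 1
            entry["senders"].add(sender)
        return sorted(hosts)

    def verdict(self, url: str) -> str:
        """What the web proxy should do with a link a user is about to follow."""
        host = (urlparse(url).hostname or "").lower()
        if host in KNOWN_GOOD:
            return "allow"
        entry = self.seen.get(host)  # .get() does not create a new entry
        if entry is None:
            return "allow"  # never seen in mail: nothing to hold against it yet
        if entry["count"] >= self.block_threshold:
            return "block"
        return "alert"

    def report(self) -> list:
        """Hosts ranked by how many messages carried them, for an analyst to review."""
        return sorted(
            ((host, e["count"], len(e["senders"])) for host, e in self.seen.items()),
            key=lambda row: (-row[1], row[0]),
        )


def make_message(sender: str, subject: str, body: str) -> bytes:
    """Build a constructed sample e-mail as raw bytes (demo input only)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "staff@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_bytes()


if __name__ == "__main__":
    gl = LinkGreylist(block_threshold=3)
    for raw in [  # constructed samples: two lures plus one legitimate HR mail
        make_message("it@mail.example.net", "Password expiry",
                     "Reset at http://login-verify.example.net/reset today."),
        make_message("help@other.example.org", "Urgent",
                     "Verify: http://login-verify.example.net/verify?u=1"),
        make_message("hr@example.com", "Benefits",
                     "Details at https://intranet.example/benefits."),
    ]:
        gl.ingest(raw)
    print(gl.report())
    print(gl.verdict("http://login-verify.example.net/x"),
          gl.verdict("https://intranet.example/"))
```

The per-message counting matters: a single lure that repeats its link ten times should not look like a campaign, while the same host arriving from several unrelated senders is exactly the trend the human reviewers in the post would want surfaced by `report()`.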

Chances are, the big boys in this field already do this, but thinking about such things makes my brain smile.