Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Warning, it's not from us. InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Warning, it's not from us.

Published: 2008-08-24
Last Updated: 2008-08-24 18:15:34 UTC
by Joel Esler (Version: 1)
1 comment(s)

I received an email today from a reader (thank you) who reported that they received a piece of spam today that came from the address: monitoring@isp.com.  (Notice the domain name.)  Now, we have seen this type of spam before, you know, perpetrating like it comes from your ISP while just having a malicious link in it, etc..

Except this time the spam was signed "ISC monitoring team"  (Notice the first three letters, and how they differ from the domain name).  So I am guessing that someone is trying to imitate us.  And while we recognize that imitation is the most sincerest form of flattery, this kind could be actually damaging. 

Rest assured our faithful readers, this is not from us.  First of all our email addresses are not "isp.com", nor "monitoring".  We don't sign our emails "ISC monitoring team".  Nor do we spell the word "Consortium" -- "Consorcium".  (misspelling from the email.)

So I'll give you a piece of advice that I gave my father this morning, if you don't know who the email came from, or the email doesn't pertain to you, try and do one of two things about it, mark it as spam (help train your spam filters) -- or delete it.  Obviously, this doesn't apply to everyone, but give it a shot and see where you get with it!

Thanks readers for staying on your toes!

 

-- Joel Esler http://www.joelesler.net

 

Keywords:
1 comment(s)
Diary Archives