24 November 2009

SPAM fighting with RBL’s

Our companies email server had been taking a bit of strain from SPAM recently and it seemed as though thousands of spam mails where getting through to my end users.

Scanmail for Exchange was picking up about 57000 SPAM mails a month, but I would still get about 200 spam mails a day in my own inbox!

I did some research and eventually found RBL (Real Time Blacklists). A RBL is a list of known spam email servers IP addresses. There are several RBL providers out there and it is very simple and in most cases free to setup.

Check out the following link to get your Exchange 2003 server setup with a RBL:

I am currently using the the following RBL’s

image

Since implementing the RBL I have seen spam on my own inbox drop from 200 a day to about 2 a day. I also noted that since the beginning of the month the number of SPAM is down from 57000 detected to 6500! And I should see an even greater drop next month as I implemented the RBL on about the 10th of the month!

09 November 2009

South African Bank Phishing

It seems as though some of our local South African banks are starting to fall foul of the phishers of late. It is a good time to keep your users informed and keep your proxy servers block list up to date with any new evil domains.

Here ore some examples of phishing emails I got from a user.

ABSA PHISHING EMAIL 1:

Url at the bottom takes user to a spoofed website that looks like an absa logon page:

image

Dear Customer,

We,upgrades its internet security on a continuing basis to ensure that our customers are protected. Protecting information is a shared responsibility and we request you to exercise caution at all times when using online services or accessing your emails.

Due to the open nature of the internet, Absa cannot guarantee the complete security of your transactions from hacking, unauthorized access, virus attacks, and /or other 3rd party attempts to breach our latest security features that we have used. All Online banking users are required to adhere strictly to this warning and follow up the process of this adjustments. Absa will not be responsible for loss of funds to online phishers as a result of failure to comply with this important new directives

Register your online banking access, click continue below and follow the instructions so you don't stand a chance of lossing your details to a third party.

http://www.absa.co.za/ib.jsp/Administrator
Administrator
Absa Bank Limited

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your absa Online account and choose the "Help" link on any page.
absa bank Email ID # 1009

ABSA PHISHING 2:

The link from this mail seemed to be broken at the time of publishing.

Dear Customer,

The internet has become widely accepted for banking online. While we have taken all the possible measures to ensure security and confidentiality of our online banking systems, you play an important role in protecting your personal information and Passwords. You have to protect your information at all times, be it over the internet or during your normal banking activities.

Due to the open nature of the internet, Absa cannot guarantee the complete security of your transactions from hacking, unauthorized access, virus attacks, and /or other 3rd party attempts to breach our latest security features that we have used.

To Upgrade for this comprehensive security features,click below and follow the instructions

http://www.absa.co.za/security/features
Management
Absa Bank Group

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your absa Online account and choose the "Help" link on any page.
absa bank Email ID # 1009

FNB PHISHING 1

At the time of publishing the domain name that the link in the email takes the user to seems to have been disabled or broken.

Dear FNB Customer,

In the last fews weeks, our Online Banking Security team has observed multiple logon attempts on your internet banking account from different blacklisted IP's.

For your safety we have decided to suspend your access. You will need to verify your identity.

Click Here to continue

Security Management
First National Bank

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your fnb Online account and choose the "Help" link on any page.
fnb bank Email ID # 1009