On Jun 20, 2014, at 8:45 AM, Brian Westnedge via dmarc-discuss <dmarc-discuss@dmarc.org> wrote:
> Here's a simple use case for a spear-phisher where DMARC could be effective
> on the inbound:
>
> 1. Phisher targets a specific exec at bigbank.com
> 2. Phisher sends fake FedEx tracking email from fedex.com (p=reject) to
> exec's admin with a note from exec for admin to track a shipment that has
> been ordered
> 3. Assuming DMARC is not being checked on the inbound, Admin clicks malicious
> tracking number link, credentials are stolen, breach ensues
>
> The above does of course assume that the phisher is either not familiar with
> DMARC, or thinks that it won't be checked by a B2B entity like bigbank.com.

Right. Any approach that's predicated on the assumption that someone behind a spear-phishing (or other "APT"-esque) attack is stupid and/or unaware of generally known anti-phishing approaches is probably flawed. As is any that assumes that once the spear-phisher sends one email that bounces they're going to just give up on that target and move on.

Cheers,
Steve

_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
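The scenario above hinges on the receiver actually evaluating the sender's published policy on inbound mail. The following is an added example, not code from the thread or from dmarc.org: a minimal inbound DMARC disposition check that assumes SPF and DKIM have already been verified upstream, uses a constructed `fedex.com` record (not the real one), and approximates the organizational domain with the last two labels instead of the Public Suffix List.

```python
"""Minimal inbound DMARC evaluation (added example, not from the list post)."""

# Constructed sample of a published _dmarc TXT record with p=reject.
SAMPLE_RECORDS = {
    "fedex.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.invalid",
}

def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of lowercase tag names."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags

def org_domain(domain):
    """Organizational domain; naive last-two-labels stand-in for the PSL lookup."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' (strict) needs an exact match, 'r' (relaxed)
    accepts any domain under the same organizational domain."""
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, spf_domain, spf_pass, dkim_domains,
                      records=SAMPLE_RECORDS):
    """Return 'pass', 'none' (no policy published), or the policy the
    From: domain's owner requested for an unaligned message.
    spf_domain is the MAIL FROM domain; dkim_domains are d= values whose
    signatures verified. Subdomains without their own record inherit the
    organizational record, using its sp= tag if present."""
    from_domain = from_domain.lower()
    record = records.get(from_domain)
    policy_tag = "p"
    if record is None:
        record = records.get(org_domain(from_domain))
        policy_tag = "sp"
    if record is None:
        return "none"
    tags = parse_dmarc(record)
    if spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r")):
        return "pass"
    if any(aligned(d, from_domain, tags.get("adkim", "r")) for d in dkim_domains):
        return "pass"
    return tags.get(policy_tag, tags["p"])
```

In the scenario above, a message with a `fedex.com` From: header, SPF passing only for the phisher's own bounce domain and no FedEx DKIM signature evaluates to `reject`, which is the outcome an inbound check gives the admin no chance to click through.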