Getting SpearPhished

stacksofplates

@WingCreative said:

@johnhooks said:

Do they think people email each other like that.

Good Morrow Sir,

I hope you are well, but lets dispense with the pleasantries. I will need a transfer of funds from the financial institution, post haste. Please inform me of the financial details.

Best Regards,

I've heard a theory that scammers intentionally mangle the grammar in their emails so they pre-screen the people that are going to catch on quickly and only get responses from people that are most likely to fall for the whole scam... No idea how true that is as I'm not a scam copywriter, but it does explain why no scammers seem to have any grasp of grammar and/or how people actually talk.

Oh, that kind of makes sense.

scottalanmiller

Same theory that people will specifically go after people who change port numbers because it flags them as 1) having something to hide 2) not aware of how security works 3) thinking that obscurity is going to protect them.

MattSpeller

@johnhooks said:

Do they think people email each other like that.

Good Morrow Sir,

I hope you are well, but lets dispense with the pleasantries. I will need a transfer of funds from the financial institution, post haste. Please inform me of the financial details.

Best Regards,

Not far off actual email convos I've had

MattSpeller

@WingCreative said:

@johnhooks said:

Do they think people email each other like that.

Good Morrow Sir,

I hope you are well, but lets dispense with the pleasantries. I will need a transfer of funds from the financial institution, post haste. Please inform me of the financial details.

Best Regards,

I've heard a theory that scammers intentionally mangle the grammar in their emails so they pre-screen the people that are going to catch on quickly and only get responses from people that are most likely to fall for the whole scam... No idea how true that is as I'm not a scam copywriter, but it does explain why no scammers seem to have any grasp of grammar and/or how people actually talk.

I believe you're correct however the last few we've seen were spot on correct, down to punctuation, spelling, grammar and capitalization.

stacksofplates

@scottalanmiller said:

Same theory that people will specifically go after people who change port numbers because it flags them as 1) having something to hide 2) not aware of how security works 3) thinking that obscurity is going to protect them.

So changing 22 to 2222 doesn't help?

scottalanmiller

@johnhooks said:

@scottalanmiller said:

Same theory that people will specifically go after people who change port numbers because it flags them as 1) having something to hide 2) not aware of how security works 3) thinking that obscurity is going to protect them.

So changing 22 to 2222 doesn't help?

Exactly, might actually make it worse.

We had to change one just like that this week due to a port conflict and I felt myself shudder because it is such a bad practice.

stacksofplates

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

Same theory that people will specifically go after people who change port numbers because it flags them as 1) having something to hide 2) not aware of how security works 3) thinking that obscurity is going to protect them.

So changing 22 to 2222 doesn't help?

Exactly, might actually make it worse.

We had to change one just like that this week due to a port conflict and I felt myself shudder because it is such a bad practice.

I've seen soooo many bad tutorials actually tell people to do that because then it's harder to figure out. Well not really when all you need is nmap and it tells you which ports are open.

scottalanmiller

@johnhooks yup, every script that is trying to hit you already checks for the ports to be open, not specific ones. Someone attacking you would never even realize you had changed the port unless they are specifically getting a report of people who had done so, presumably because that would mean that they are better targets to focus on.

stacksofplates

@scottalanmiller said:

@johnhooks yup, every script that is trying to hit you already checks for the ports to be open, not specific ones. Someone attacking you would never even realize you had changed the port unless they are specifically getting a report of people who had done so, presumably because that would mean that they are better targets to focus on.

Plus if nothing else, it's annoying to remember.

MattSpeller

@johnhooks said:

@scottalanmiller said:

@johnhooks yup, every script that is trying to hit you already checks for the ports to be open, not specific ones. Someone attacking you would never even realize you had changed the port unless they are specifically getting a report of people who had done so, presumably because that would mean that they are better targets to focus on.

Plus if nothing else, it's annoying to remember.

The reason I keep standards

scottalanmiller

@johnhooks said:

@scottalanmiller said:

@johnhooks yup, every script that is trying to hit you already checks for the ports to be open, not specific ones. Someone attacking you would never even realize you had changed the port unless they are specifically getting a report of people who had done so, presumably because that would mean that they are better targets to focus on.

Plus if nothing else, it's annoying to remember.

Which alone is considered a bad security practice.