William Allen Simpson wrote:
I've not recently seen an ISP account phish here. The last one I remember was circa 2003. It was a dictionary attack, arriving at my was@ account (long since rendered useless by spam volume and terminated).
However, I don't save phish/spam anymore. I used to save everything -- providing many of the examples for http://fraudgallery.com/ -- nowadays, just daily scan for false positives, report monetary phish to the few ISPs that actually promptly close down bad actors, and delete the rest.
One of the responses off NANOG was very interesting. I will attribute after asking for permission to re-post. The guy mentioned the concept of sending warning emails to customers to begin with. His opinion is that it is a mistake, and only causes confusion. On top of that it raises support desk costs as people call in for explanation, as well as to report new fraudulent emails they see while in the past they mostly just ignored them. I hope to get more feedback on the matter, and see if other folks have the same experience.
Good luck, Gadi.
I appreciate your feedback, I had no idea ISP phishing goes all the way back to 2003.. although dictionary attacks may not be best defined that way. Definition discussions are boring though. Danke, Gadi.