Combating Spyware in the Enterprise

Many spam-filtering programs and services are beginning to pick up phishing attacks. However, some require user inspection to distinguish it from legitimate e-mail.
Figure 4.4 contains an actual e-mail that was masquerading as an official notification from Washington Mutual, a large bank in the Pacific Northwest. This one poses as a note from Washington Mutual informing a customer that their account may have been compromised and saying that action must be taken. Almost all phishing attempts use the same formula. Something bad has or soon will happen; the user must take action to prevent or fix the problem. It is often very difficult for the average user to be able to distinguish phishing e-mails from real ones. To try your hand at guessing real e-mails from phishing emails you can take the phishing detection test on the MailFrontier Web site, located at http://survey.mailfrontier.com/survey/quiztest.html. MailFrontier was recently bought by SonicWALL, so you may have to use Google to find the old MailFrontier Web pages.
CastleCops.com also maintains a list of Fried Phish (http://castlecops.com/modules.php?name=Fried_Phish&fp=phish), the term it uses to describe phishing sites that have been confirmed and eliminated. If a user suspects an e-mail, they can check the CastleCops Web site to see if their e-mail is listed.
To pierce the veil of this deception by inspection it is necessary to look at the source code that produced the phishing e-mail in Figure 4.4. The bolded section is the...