« Xploit #1 | Main | Third ISSA meeting in Wroclaw (Mar 11, 2008) »

Automatische Antwort

If you like it here, please consider subscribing to the RSS feed or spreading the news among your friends who also care about security.

What do you think happens when some spamming bots pick up your email address and start using it as a source address when throwing discounted Viagra and almost-like-the-real-thing watch replicas crap at people in unbelievable amounts?

Tons, and I mean TONS, of "undeliverable message" bounces together with quite a lot of my favourites – out of office notes. When you think about it, quite a lot of information is being thrown at you in such messages. Here are some sanitised examples (all in German, as my email address sells on a German market, apparently).

Some phone numbers in case you are interested:

Automatische Antwort - Zur Zeit nicht erreichbar

Vielen Dank für Ihre Anfrage, die uns erreicht hat.

Für eilige Rückfragen können Sie sich auch direkt an mich unter

Tel. +49 (0)4XXX / XX XXX
Mob. +49 (0)17X / XXX XX X5
Fax. +49 (0)4XXX / XX XX0

wenden.

Mit freundlichen Grüßen aus XXXX,

Ihre XXXX

Some names and email addresses (you can’t have too much of it):

Automated reply from XXX@XXX.de

Ich habe Ihre Mail betreffend 'Man Lebt nur einmal - probiers aus !' erhalten.

Von Freitag, dem 8. Februar bis Freitag dem 15. Februar bin ich nicht im Büro zu erreichen. Bitte wenden Sie sich in dieser Zeit an meine Kollegin Susanne XXX (s.XXX@XXX.de). Ihre Mail wurde nicht weitergeleitet.

Mit besten Grüßen,

XXXX
---------------------------------
XXXX GmbH
XXXX 1
XXXX XXXX (Germany)

Fon: ++49(0)XXXX.XXXX5
Fax: ++49(0)XXXX.XXXX6

Mail: XXX@XXX.de
Web: http://XXXX.de
Web: http://XXXX.com

GF: YYYY YYYY, ZZZZ ZZZZ
XXXXXXXXX
---------------------------------

And some more names together with phones and email addresses:

Susanne XXX nicht erreichbar. Ihre E-Mail wird nicht gelesen.

Ich werde ab 29.01.2008 nicht im Büro sein. Ich kehre zurück am
05.05.2008.


Sehr geehrter Damen und Herren

Ich bin in Elternzeit.
Ihre E-Mail wird nicht weitergeleitet.

Bitte wenden Sie sich entweder an
Alexandra XXX, Tel. 089 - XXX XX - XXX
e-mail XXX.a@XXX.de
oder an
Carolin XXX, Tel. 089 - XXX XX - XXX oder e-mail
XXX.c@XXX.de

Vielen Dank und viele Grüße
Susanne XXX

It’s not much, is it? But still some people would argue that together with some background info about what the particular people are responsible for in the organisation it may be enough to snatch some goodies from them.

It’s never wise to underestimate the power of people’s natural friendliness and urge to help others. Maybe sparing a few details wouldn’t defeat the purpose and would make it more difficult to carry out a successful social engineering attack. Specific procedures and awareness trainings also help, obviously.

Posted by Michał Sobiegraj on February 25, 2008 1:40 PM | | Digg It

TrackBack

TrackBack URL for this entry:
http://sobiegraj.com/blog/mt-tb.cgi/59

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

© 2006-2007 Michał Sobiegraj. All rights reserved. The views expressed here are my own, and not necessarily endorsed by any former or current employer.

Search


About

This page contains a single entry from the blog posted on February 25, 2008 1:40 PM.

The previous post in this blog was Xploit #1.

The next post in this blog is Third ISSA meeting in Wroclaw (Mar 11, 2008).

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]

Wishlist

Powered by
Movable Type 3.34