We seem to be suffering from a spate of phishing attacks at the moment, where users are asked by emails to send their user names and passwords to verify their account or stop their account being closed. Discussed it at the Executive meeting yesterday, and considered a number of actions. We already block them as soon as we see them, but sometimes many hundreds have been delivered before then. We also check to see if anyone has replied - usually several people have, some actually sending their details, some apparently sending abuse to the sender. Not that a real sender exists of course. If users do reply, not only can they have problems with access to their account, but more often the account is used to create another spam attack. This happened to us recently where an account was compromised.
Lots more physical things we can do, such as using an appliance to filter them out, but we need users to be aware, and not divulge their details, so good publicity on how to spot and deal with phishing and password policy is essential. we've been very usccessful in filtering out spam - I'm not sure whether our users realise it but 80% of mail sent to us is never delivered because we recognise it as spam and reject it, but these are much harder to deal with as they change and evolve.
Departmental BBQ today, and guess what - it's raining! Just like it did last year. Never mind - we've got plenty of beer and food. Photos will appear here Monday as usual.
EDIT - Apparently photos in iWeb (like my web pages above) won't display in Firefox 3, so you'll only be able to see them if you're using a different browser, Firefox 2, Safari and IE all seem to work OK. Hmph - this isn't how the web is supposed to work!