RSA: Phish Me If You Can (Video)
Spearphishing. The deluxe (but easy) way to get unwary employees to put malware on your network. It's basically the same as phishing, except more targeted. That is, a plain phishing scam might offer an unwary web-browsing employee a chance to see a famous starlet naked, while a spearphishing attack might purport to be an urgent request from your Bizzaro County office for 200 Kg of Unobtainium Oxide. Open that email, and... ZAP! So this is social hacking (cracking for the old-timers), and cannot necessarily be fought entirely by technical means. So how about setting up fake spearphishing attempts and immediately sending employees who fall for them to an IT security class with an emphasis on how to avoid phishing scams? You can do this yourself, possibly with help from a bright person or two from a nearby University. Or you can contact PhishMe or another anti-phish training company and have them help you teach spearphishing awareness to your people. Either way, every computer-using person in your company should know about phishing -- and should know how to avoid getting hooked by phishers.
Everyone who clicked on this link needs to now attend a phishing training class, you have all been suckered into clicking on this blatant advertisement!
While that's entirely true, lots of my co-workers have trouble even recognizing obviously fake stuff. If I need a colleague to speed up on a project, I send him a stern e-mail and CC "his b0ss" (and replace the "o" with "0" or "i" with "1" or something similar). They always fall for it, think I also told their boss, and double their efforts... from 30 minutes a day to 60, but still better than zero.
And you want THEM to be TRAINED on PHISHING? Ha!
...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
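The look-alike address trick described in the comment above (a "0" for the "o", a "1" for the "i" or "l") is something a mail gateway can flag on the defending side by comparing every address on a message against the internal directory after collapsing confusable characters. Added example, not code from the story or any commenter; it assumes a constructed address book and a small illustrative substitution table, and it checks only the local part, not look-alike domains.

```python
import re

# Map confusable characters to one representative so "b0ss" and "boss",
# or "bi11", "bill" and "b1ll", collapse to the same key.
# Assumption: this short table is illustrative, not a complete confusables list.
CONFUSABLES = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "5": "s", "7": "t"})

# Constructed internal address book (sample data, not a real directory).
DIRECTORY = {
    "boss@example.com",
    "alice@example.com",
    "bill@example.com",
}


def skeleton(addr: str) -> str:
    """Comparison key: lowercase, strip dots/underscores/dashes from the local
    part, then map confusable characters to their representative letter."""
    local, _, domain = addr.lower().partition("@")
    local = re.sub(r"[._-]", "", local).translate(CONFUSABLES)
    return f"{local}@{domain}"


def lookalikes(addresses, directory=DIRECTORY):
    """Return (suspect, impersonated) pairs for addresses that are not in the
    directory but whose skeleton collides with a directory entry.
    Exact directory members are skipped; unrelated addresses are ignored."""
    index = {}
    for known in directory:
        index.setdefault(skeleton(known), known)
    hits = []
    for addr in addresses:
        a = addr.strip().lower()
        if not a or a in directory:
            continue
        target = index.get(skeleton(a))
        if target:
            hits.append((a, target))
    return hits


def parse_recipients(header_value: str):
    """Split a comma-separated To:/Cc: header value into bare addresses."""
    return [a.strip() for a in header_value.split(",") if a.strip()]


if __name__ == "__main__":
    # Constructed Cc: header mimicking the trick from the comment.
    cc = "b0ss@example.com, al1ce@example.com, carol@example.com"
    for suspect, real in lookalikes(parse_recipients(cc)):
        print(f"{suspect} looks like directory entry {real}")
```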
Text email is vulnerable too! I'm in the habit of: after reading every email, I save it to malware.sh, then I go to a shell, type "chmod +x malware.sh" and then either "./malware.sh" or "sudo ./malware.sh" depending on the flip of a coin. And in spite of my weird habit of doing this, I never check to see who sent me the email and whether or not it's PGP signed and if their signature checks out.
See? Spearphishing is a really hard problem to solve! Reading email is dangerous! DAAANGEROUSSS!!!!11
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.