RSA: Phish Me If You Can

Spearphishing. The deluxe (but easy) way to get unwary employees to put malware on your network. It's basically the same as phishing, except more targeted. That is, a plain phishing scam might offer an unwary web-browsing employee a chance to see a famous starlet naked, while a spearphishing attack might purport to be an urgent request from your Bizzaro County office for 200 Kg of Unobtainium Oxide. Open that email, and... ZAP! So this is social hacking (cracking for the old-timers), and cannot necessarily be fought entirely by technical means. So how about setting up fake spearphishing attempts and immediately sending employees who fall for them to an IT security class with an emphasis on how to avoid phishing scams? You can do this yourself, possibly with help from a bright person or two from a nearby University. Or you can contact PhishMe or another anti-phish training company and have them help you teach spearphishing awareness to your people. Either way, every computer-using person in your company should know about phishing -- and should know how to avoid getting hooked by phishers.

Roblimo as an "editor"

[admdrew]

Can someone tell me why all of Roblimo's posts 1) are his own content, versus edited reader submissions, and 2) read exactly like advertisements?

Re:This post = spearphished-slashvertisement?

[i+kan+reed]

I'm watching this thread to see if you get modded down. I think they've gone as far as telling editors to mod down those who point out it's a slashvertisement. Regular mods never mod down this far down in a discussion, so I'd like to see if my hypothesis is substantiated.

Re:It's not the slashvertisement

[i+kan+reed]

I'll acknowledge that I didn't even know slashdot had bans. I figured the built in moderation system was more than sufficient.