January 31, 2009

Department of Justice Runs Phishing Hoax to Test Staff

This Forbes article is one of the best things I have seen in the news recently with regard to educating users, especially those who hold positions with access to large amounts of data.

Every day we all receive dozens, if not hundreds, of pieces of SPAM in our mailboxes. If you're lucky, your SPAM filter gets rid of it before you notice it. But every now and then one gets through, and it may look innocent enough; heck, it may even look like an urgent message from your bank or credit card company. But it is a trap, a clever trick by someone who is trying to get as much information about you as possible without you noticing. This doesn't just happen to home users. I frequently get requests from my clients to verify a request from someone claiming to be their ISP, their domain host, AV supplier, etc. Essentially, every time you sign up for something you are opening up a new "surface of attack" for Phishers.

It is important that people are aware of these possible attacks and understand how to recognize and avoid them, which is why I am happy to see the DoJ take this type of action. The only thing more I wanted out of this article was the results of the experiment. Unfortunately, those won't be released, as I'm fairly certain the results would not look good for the DoJ, especially if the email was convincing.

