Happy Day After Christmas everyone! Thankfully the world didn’t end last Friday, and we were able to finish the 12 Days of Phishless Christmas campaign. Hopefully you are spending today on the couch nursing your eggnog and Christmas cookie hangover, out at the mall returning that Cosby sweater your Aunt gave you, or getting ready to watch the Little Caesar’s Bowl.
We’re at the halfway point of our 12 Days of Phishless Christmas campaign, and we have been having a great time interacting with our followers while also raising money for some great charities. We’d like to recognize our first five winners, as well as the charities they have chosen for their donations.
It’s been an excellent year for us all here at PhishMe, and to celebrate the holidays and give thanks, we’re giving our followers a chance to earn money for charity through what we are calling the 12 Days of Phishless Christmas. Starting Friday, December 14, and continuing each day until Christmas Day, we’ll be tweeting every day with a new opportunity for our followers to win a donation to charity in their name.
Trend Micro has just published research confirming what we at PhishMe already knew – spear phishing is the top threat to enterprise security. Trend Micro’s report estimates that spear phishing accounts for 91% of targeted attacks, making it the most prevalent method of introducing APT to corporate and government networks. Industry recognition of the severity of the dangers posed by spear phishing is always a positive development, but merely acknowledging the problem doesn’t provide a solution.
Fortunately, many of the underlying issues Trend Micro identifies are problems PhishMe is already helping our customers address.
If you’re like me, then the idea of fighting the midnight crowds on Black Friday holds limited appeal, even if it means getting an 80% discount on a big screen TV. But thanks to Cyber Monday, people can get ridiculous deals without peeling themselves away from their computers – or offices.
With emotions running high during election season, an email with the name Romney or Obama in the subject line could make even an experienced user click on a malicious link. Spammers are taking advantage of the Presidential election buzz and using malware-laden emails to target users. Many of these emails don’t have any visible consequences, so users may not even realize when malware is infiltrating their personal computers or mobile devices. But what about the potential danger this malware can bring into your workplace from these spear phishing scams?
Last week, a Washington Post article by Robert O’Harrow offered an interesting look at the most common attack vector used by cybercriminals to penetrate enterprises today: spear phishing. While we applaud (loudly) the thrust of the article – that enterprises need to educate users on the dangers of spear phishing – there are some very real challenges in user education that the article does not address.
I read Aitel’s article right before leaving for BlackHat: “Why you shouldn’t train employees for security awareness”
Popcorn in hand, this should be a fun read. After all, we agree that traditional awareness methods don’t seem to be sticking.
Spoiler: LinkedIn password leak: What it means for phishing? Answer: Not Much!
When people talk to us about phishing, they often want to know “What’s next in phishing? What else are you seeing?”
This gets asked a lot, and is one of my least favorite questions because the truth is, email-based spear phishing works as-is. It has no reason to evolve right now.
Last week I attended the Educause Security Professionals Conference 2012 in Indianapolis, Indiana, and was lucky enough to co-present with Emory University to discuss the phishing problems higher education faces. This event had an entire track devoted to Awareness & Training, and of course a major topic for discussion was phishing.