CW Security Blog
Mar 3, '14
The Real Enemy in the Battle Against Phishing
If you have been using the Internet for a while, you will remember the Anna Kournikova virus that tempted users with a message “to see hot pics of Anna Kournikova, click here.”
You also probably remember the Nigerian money scam, in which email recipients were offered millions of dollars in exchange for providing a bank account into which funds could be deposited to save someone’s inheritance.
We laugh now at how incredibly obvious these scams seem, but at that younger stage in Internet history, most of us were more naive and trusting than we are now.
By 2003, the term “phishing” was widely accepted and used by most technologists to define the method of extracting personal or confidential data from unsuspecting users.
Fast forward to today. Users have become wiser, more pessimistic, and less prone to take the bait of a phishing scam, but scams have evolved to become much more elaborate, deceitful, and dangerous.
Today, phishing scams range from fake websites designed to look like American Express or Visa to direct phone calls purporting to be from your bank to verify account information. The data that these scams are phishing for has also evolved.
Modern phishing scams look for spreadsheets and documents on infected computers, or scan contacts and emails for personal identity data and credit card information. Phishing scams are also known to target corporate financials, source code, and even intellectual property (see http://blogs.wsj.com/cio/2013/02/22/why-engineers-fall-for-phishing-attacks).
Some technologies, such as site reputation services, identity monitoring, and data loss prevention software, have been developed to help safeguard against phishing techniques. But the truth is, phishing is not really a technology issue but rather a “people” issue.
Legions of IT professionals and millions of dollars spent on high tech solutions will not stop users from providing personal data, installing apps, or clicking on a tempting link in hopes of obtaining riches and being entertained.
The best protection against phishing is training, combined with constantly reinforcing a culture of common sense and caution.
None of the following statements and suggestions are new or groundbreaking. I suggest these concepts be included in personnel training; reviewing them frequently with employees and making them part of a corporate Internet usage policy might help breed a culture of common sense and caution.
Don’t believe everything you read, hear, or see online. Actually, be slow to believe.
Dec 4, '13
Mobile is the Unknown Threat for Small and Medium-size Businesses
Mobile devices are becoming incredibly common, and more and more companies are allowing their employees to use their personal mobile devices for business. BYOD (“bring your own device”) has become a very common practice, and the use of personal devices for business purposes grows more common every day. Unfortunately, using these devices without security measures can have some very uncommon consequences.
Nov 25, '13
You’ve Updated Your Facebook Status But Have You Updated Your Privacy Settings?
Dec 3, '12
Need for Content Filtering at Work?
I have heard dozens of opinions about the need, or lack thereof, for content filtering in the workplace. Some employers say, "We are all adults here," and, "We expect our employees to exercise restraint while in the workplace." I have actually talked to company CEOs who have said, "As long as they have their office door closed, we don't care what they do on the Internet."
Nov 9, '12
Which Android Apps Are Safe?
I have always heard stories about new Android security issues, but to be honest, I usually ignore them and chalk them up to “some guy installed a random rogue app and it stole his contact list.” Typically, my philosophy has been: just don’t install random apps or apps from non-reputable sources, and you don’t have anything to worry about. But I have recently found out that many Android exploits, which take advantage of security flaws, can also be found in popular or well-known apps available from legitimate marketplaces.