One trend we see coming on like a freight train is the rebirth of security awareness training. Folks are working on content that doesn’t suck, and enterprises are finally starting to gather data on how often stupid mistakes (such as clicking on phishing messages) decrease after training sessions. NetworkWorld recently ran an article (in their Insider section, which requires registration – boo!) providing some tips for dealing with phishing.
The part of the article I found most interesting was a description of how attackers appeal to either greed or fear to entice action. It sounds a bit like marketing to me…
“most spear phishing attacks take one of two tacks – they either appeal to human greed or fear. In other words, either they offer money, coupons, discounts or bargains that are too good to be true. Or they announce that your checking account or eBay account has been frozen and you need to re-enter your credentials, or some other scenario in which you are required to enter personal information... or else.”
Then there are a few tips about educating users, including having them read URLs from right to left. The point is that the domain that actually owns the page is the part just before the first slash, read from the top-level domain leftward; everything to the left of that registered domain is chosen by whoever registered it, so a hostname that starts with a familiar brand name can still belong to a completely different site further right. Folks who read Hebrew have a clear advantage at this. And other obvious stuff, including not opening files from folks you don’t know, and never providing account credentials in response to an unsolicited query. Of course all this seems obvious to you and me.
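Here is the right-to-left URL check written out as code, so you can see what the user is being asked to do in their head. This is an added example, not code from the article or from NetworkWorld; the sample URLs, the brand list and the tiny suffix table are all constructed for illustration (a real tool would use the Public Suffix List instead of the three-entry table assumed here).

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption for the example: a tiny stand-in for the Public Suffix List.
# Real code should use the full list (e.g. the publicsuffix2 package).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Constructed brand table: the brand a user expects to see, and the
# registrable domains that legitimately own it.
KNOWN_BRANDS = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com", "ebay.co.uk"},
}

# Constructed sample URLs showing the lookalike patterns the check catches.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",                      # legitimate
    "https://paypal.com.account-verify.example/login",    # brand as subdomain
    "http://secure-ebay.example/update?user=1",           # brand in a new domain
    "https://www.ebay.com.evil.example:8443/",            # port does not help
    "http://ebay.com@phish.example/",                     # brand before '@' is a username
    "https://203.0.113.7/paypal/",                        # no domain at all
    "https://signin.ebay.co.uk/",                         # multi-label suffix, legitimate
]


def is_ip(host):
    """True for a raw IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Read the hostname from the right: the registrable domain is the public
    suffix plus one more label. Everything left of it is attacker-controlled
    whenever the attacker owns that domain."""
    if is_ip(host):
        return host
    labels = host.split(".")
    if len(labels) < 2:
        return host
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze(url):
    """Return (hostname, registrable_domain, verdict). The verdict is 'ok',
    'ip-literal', 'userinfo-before-@', or 'brand-mismatch:<brand>'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    # urlsplit().hostname already drops user:pass@ and :port for us.
    host = (parts.hostname or "").lower().rstrip(".")
    reg = registrable_domain(host)

    if parts.username is not None:
        # Text before '@' is userinfo, not the host, however brand-like it looks.
        return host, reg, "userinfo-before-@"
    if is_ip(host):
        return host, reg, "ip-literal"

    # A brand name anywhere in the hostname must be backed by a registrable
    # domain that actually belongs to that brand.
    for brand, owners in KNOWN_BRANDS.items():
        if brand in host.replace("-", "") and reg not in owners:
            return host, reg, f"brand-mismatch:{brand}"
    return host, reg, "ok"


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        host, reg, verdict = analyze(url)
        print(f"{verdict:24} domain={reg:28} host={host}  <- {url}")
```

The check deliberately ignores everything a phisher can dress up (path, query string, port, the text before an `@`) and keeps only the registrable domain, which is exactly what the "read from the right" tip is asking a human to do. The suffix table is the weak spot: without the full Public Suffix List, a legitimate `brand.co.uk` or a lookalike under a two-label suffix you forgot will be judged wrongly.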
It’s too bad it’s not obvious to your employees. Get on board with security awareness training. Or keep cleaning up the mess.
Photo credit: “Clean Up or You’re Out! :Brooklyn Street Sign” originally uploaded by emilydickinsonridesabmx