DIY Training on Phishing Detection Backfires for Army

  • March 18, 2014

Jasper_The_Rasper
Moderator
Cyber-spies devise elaborate rootkits and craftily hidden malware in order to steal secrets and listen in on privileged communications. To get these spy tools installed, they typically rely on the weakest element in the security arena: the user. Educational campaigns to raise security awareness can be a big help, but there's a right way and a wrong way to go about it.

Raising Red Flags
The Washington Post reported last week that an army combat commander took it upon himself to evaluate his unit's ability to detect phishing messages. His test message directed recipients (fewer than 100 of them) to visit their pension plan's website for a required password reset. However, the message linked to a fake site with a URL very similar to the real one for the agency, Thrift Savings Plan.

The recipients were smart; not a single one of them clicked the bogus link. However, they shared the suspicious email with "thousand of friends and colleagues," causing a flood of calls to the actual Thrift Savings Plan that lasted for weeks. Eventually the pension plan's chief of security traced the message to an Army domain, and the Pentagon tracked down the perpetrator. According to the Post, the unnamed commander "was not reprimanded for acting on his own, because the rules were vague."
Full Article