Phishing

This is [phishing] news?!?

We seem to be missing the boat on security awareness of phishing attacks: it’s not just for bank and credit card accounts anymore.  This article notes the “DHL,” “tax refund,” and similar queries.  I would have thought these were obvious, but they seem to be the most successful ways to get spear phishing and APT information.

Not the bad news you thought you were reporting …

“The 2012 Norton Cybercrime Report, released Wednesday, says more than 46 per cent of Canadians have reported attempts by hackers to try to obtain personal data over the past 12 months,” according to the Vancouver Sun.

Well, since I see phishing every single day, and malware a few times per week, what this survey is *really* saying is that 54% of Canadians don’t know what phishing and malware look like.

(And you others don’t need to gloat: apparently the same figure holds globally …)

Kinda depressing …

Cloudy with a chance of hacking

Following closely upon the article/confession about cloud linked accounts and devices, and the ease of hacking them (with some interesting points about authentication systems):

I noticed, this morning, that the number of phishing messages, and specifically email account phishing, had, after a couple of relatively low months, suddenly jumped again.

Excessive convenience almost always = insecurity.  I have not linked any of my socmed accounts.  Facebook doesn’t have my Twitter account password, etc.  This is somewhat inconvenient, since I have to sign on to the different accounts in order to post things.  However, it does mean that, in the case of this type of story, I can just use it as an example and move on, rather than spending time changing the passwords on all my accounts.

Sophos Threatsaurus

http://www.sophos.com/en-us/security-news-trends/security-trends/threatsaurus.aspx

Concentrating on malware and phishing, this is a very decent guide for “average” computer users with little or no security background or knowledge.  Three sections in a kind of dictionary or encyclopedia format: malware and threats, protection technologies, and a (very brief but still useful) history of malware (1949-2012).

Available free for download, and (unlike a great many “free” downloads I could name) you don’t even have to register for endless spam from the company.

Recommended to pass around to family, friends, and your corporate security awareness department.