Subj : Re: Security Suites for c
To   : Atreyu
From : Arelor
Date : Tue Aug 09 2022 18:17:15

  Re: Re: Security Suites for c
  By: Atreyu to Vk3Jed on Fri Aug 05 2022 08:08 am

 > Some of them ARE getting creative, I'll give it that, but maybe it comes wit
 > being on IT for many years that one knows what to look for .... you would
 > think that of all the phishing/malware scams they would at least get the
 > spelling and grammar right!

The spellchecker filter is no longer the main defense.

I recently had to help somebody make it through his anti-phishing training
course and, while I think the material is not abyssmal, I think it was
obsolete.

Carpet bombing attacks in which they send thousands of phishing emails with a
generic story which would apply to most people, attempting to get the dumbest
of users to fall for them, are very easy to spot. However, as of late I have
spotted very good targeted attemtps. Most people is not ready to deal with
those, and that is frightening.

The worst of them all are those who are crafted from stolen information only a
reduced group of people is used to have. For example, I have seen cases in
which some medical asociation we colaborate with had a data breach, and the
data thieves used the stolen information to impersonate members of the
asociation and try to get Doctors to provide them with secret information or
with funds.

You don't have to be a freak of nature to identify phishing attempts, but the
new generation of attacks I see these days... I am sure it is VERY good at
stealing money and data from people who is not familiar with the digital
environment. A grandpa who has just made his first online purchase ever won't
be worried if the "parcel delivery agency" (aka phisher who has compromised the
delivery agency's IT) asks him for extra information to deliver the order.


--
gopher://gopher.richardfalken.com/1/richardfalken
--- SBBSecho 3.15-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)

.