
Obscure Indian cyber firm spied on politicians, investors worldwide - vharuck
https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idUSKBN23G1GQ
======
seesawtron
>They sent malicious emails to the targeted parties tricking them to share
their login information.

This is a reminder how naive we can be interacting with malicious individuals
on the internet. Are there any useful platforms that teach internet safety in
everyday life?

~~~
miohtama
In most cases, forcing staff to use two-factor authentication is enough to
block most of attempts. Employees can still leak their passcode onc (even
though stealing codes is more difficult), but there is much less risk of
persistent compromise.

~~~
ramimac
2FA is important of course, but it is in no way a panacea. Especially SMS or
TOTP MFA. It is near-trivial to add a phase to phishing that captures the
second factor as well. Tools like
[https://github.com/kgretzky/evilginx2](https://github.com/kgretzky/evilginx2)
support it out-of-the-box.

------
bobbydreamer
Well one think I noticed with unscribing a email newsletter than after doing
it you start to lots of mails and got to know unscribing something is a way to
indicate that email is active. My two cents. So now just click spam and let
email provider run some machine learning and pattern to figure out it's a
spam.

