
Giving away email credentials to a third party service, regardless of reason, should be both covered in your internal training materials, as well as be maintained as a firing offense.

This is really just a case of well-branded spearphishing. You should already be protecting against that.




> This is really just a case of well-branded spearphishing.

Spearphishing is distinguished from phishing more generally by having very narrow, specific target selection.

If we are going to look for analogies to techniques of catching fish, this is more weir phishing than spearphishing.

-----


It's more subtle than that, since the "Intro" iOS profile simply sets up a proxy.

This would take about three clicks from an end-user, and at no point do they knowingly disclose their passwords...

-----


> This is really just a case of well-branded spearphishing. You should already be protecting against that.

Well really, it's somewhere between generic phishing and tightly targeted (spear) phishing.

But the thing you have to remember about "phishing", about "spear phishing", about "social engineering" and about the cons that con-artists have been pulling since before computers existed is you are never just protected from this since every social con is based on exploiting a reflexive, habitual response and the con-artist will always find those no matter how people are simply trained (indeed, the more robot-like you make people's reactions, the more reflexes the con-artist has to work with).

So basically, any serious organization has to keep on top of the new threats coming. Every organization has to warn its people not to do what they already ought to know better than to do.

Eternal vigilance... Reminds me of something else.

-----



