phishing

3 June 2016 at 9:29am

Validating Password Dumps

Andrew Cormack
incident response
Computer Misuse Act
phishing
It's relatively common for incident response teams, in scanning the web for information about threats to their constituencies, to come across dumps of usernames and passwords. Even if the team can work out which service these refer to [*], it's seldom clear whether they are the result of current phishing campaigns, information left over from years ago, or even fake details published by intruders who want to inflate their claims.
Read more

Gone phishing...

John Chapman
29 February 2016 at 2:32pm
phishing
awareness
About a year ago I published links to a couple of videos on raising awareness of phishing:
Read more
12 August 2015 at 2:52pm

Phishing exercises?

Andrew Cormack
security
Awareness Raising
phishing
Recently I had a thought-provoking discussion on Twitter (thanks to my guides) on the practice of setting your users phishing tests: sending them e-mails that tempt them to do unsafe things with their passwords, then providing feedback. I've always been deeply ambivalent about this. Identifying phishing messages is hard (see how you do on OpenDNS's quiz), and creating "teachable moments" may well be a good way to help us all learn.
Read more
11 December 2012 at 11:16am

Phishing trends

Andrew Cormack
Cybercrime
phishing
Some interesting analysis was presented by Pat Cain at the FIRST conference on trends from APWG (Anti-Phishing Working Group) data including their six-monthly surveys of domain names used in phishing campaigns.
Read more
Subscribe to phishing