If an unusual inquiry or email has an urgent plea, it's risky to act on. But many do.
Monday, March 8th 2010 @ 12:00 AM
I often try to make the point that the human element is almost always the weakest link, and the easiest path of attack, for an enterprise. The article below by Dan Goodin of The Register gives some good examples of how this is the case. Security penetration testers Mike Bailey and Mike Murray consistently illustrate how easy this is, just like with my Honey Stick Project.
http://www.theregister.co.uk/2010/03/04/social_penetration/
These guys just claimed a $10,000 prize for hacking the email account of StrongWebMail CEO, Darren Berkovitz.
They have a great observation in the following statement:
The come-ons often invoke a sense of urgency, such as an opportunity to make money only if the mark moves quickly. Scammers often try to form perceived bonds with their victims by thanking them for their attention or apologizing for an interruption. The ruses amount to hacks that suspend the marks' critical faculties just long enough to get them to make a critical mistake.
The bottom line is, if it's an unexpected message, and it has an urgent deadline, be VERY suspicious and check it out before taking action. Don't think the bad guys aren't every bit as inventive as these security testers.
Would your organization be interested in obtaining the right to use my security awareness eLearning content or articles in your enterprise security program? Or would you like help with strategy, risk assessment, program development or training? Please call or email me at the coordinates below...
Scott Wright
The Streetwise Security Coach
Join the Streetwise Security Zone at: http://www.streetwise-security-zone.com/join.html
Phone: 1-613-693-0997 Email: scott@streetwise-security-zone.com Twitter ID: http://www.twitter.com/streetsec