Categories
Articles

How to Phish, and how to stop it

Wout Debaenst’s FIRST talk (video) described the preparatory steps an adversary must take before conducting a targeted phishing campaign, and the opportunities each of these presents for defenders to detect and prevent the attack before it happens. The talk was supposed to be accompanied by live demos, but these were sufficiently realistic that the hosting […]

How to become an expert phish-spotter

We’ve all been trained how to spot phishing emails: check the sender address, hover over links to see where they go, etc. But that’s a lot of work and mental effort. And, given that most emails aren’t phish, almost all wasted. So can we do it better? A fascinating paper by Rick Wash looked at […]

Improving security and privacy with AI

Two talks at last week’s FIRST conference looked at how Artificial Intelligence might be used in incident response. In both cases, the use of AI improves user privacy directly – by reducing or eliminating the need for human responders to look at user data – and also indirectly, by producing faster detection and mitigation of […]

Validating Password Dumps

It’s relatively common for incident response teams, in scanning the web for information about threats to their constituencies, to come across dumps of usernames and passwords. Even if the team can work out which service these refer to [*], it’s seldom clear whether they are the result of current phishing campaigns, information left over from […]

Phishing exercises?

Recently I had a thought-provoking discussion on Twitter (thanks to my guides) on the practice of setting your users phishing tests: sending them e-mails that tempt them to do unsafe things with their passwords, then providing feedback. I’ve always been deeply ambivalent about this. Identifying phishing messages is hard (see how you do on OpenDNS’s […]

Phishing trends

Some interesting analysis was presented by Pat Cain at the FIRST conference on trends from APWG (Anti-Phishing Working Group) data including their six-monthly surveys of domain names used in phishing campaigns. There is evidence that concerted campaigns against phishing can be effective – the .hk domain used to be one of the most commonly used […]