Friday, June 3, 2011

Literally unbelievable (cont'd)

Further evidence that the Soviets caved way too easily...

A few weeks ago representatives from a company called FireEye were in the GCN Lab demonstrating their product, which can protect networks from most phishing attacks. An engineer told me a story about a company he knew that would run phishing drills with their employees. They would tell everyone in the company that a phishing scam (created internally for just this purpose) would be delivered at noon the next day. They told them what the scam would attempt to get them to do and what the scam would look like. They told everyone to treat it like a real phishing scam, and to delete or ignore the e-mail. For extra points, they were told they could alert the tech staff about the attack, though this wasn’t required.

Sounds simple, right? According to the engineer telling the story, even with all those precautions, 60 percent of the people in the company still clicked on the e-mail the next day and about 30 percent entered their network passwords into the "hacker site." I can’t help but wonder how many of those same people must touch their red-hot stove burner every day just to make sure it’s heating properly.