• My Tweats

    • Flickr Photos

    New phishing scams target consumers via VoIP

    Via digg:

    According to Cloudmark, what's new here is the criminal use of VoIP and PBX software to set up a voice-mail system that sounds like your bank. The same low-cost setup that's enabling small businesses to sound professional is enabling small-time scam artists to do the same.

    read more

    Social Engineering Attacks (trusting attacks) are going to continue to get more sophisticated, and keep looking different. The depend upon several factors:

    1. Information overloaded victims…just follow the link quickly – don't pay to much attention to details – get to the next emails
    2. Security naive victims…"gee this looks okay to me"
    3. Freshness…"well it doesn't look like a scam I have seen before"

    The countermeasures are familiar:

    1. Deploy network security devices (like Fortinet's Fortigates) that scan email and web traffic blocking phishing/pharming/other attacks
    2. Security Awareness updates and training…have suspicion be the default mode of the user-base (have InfoSec people respond quickly to inquiries of this suspicion-mode user-base too)
    3. Practice Information Security Lawfare

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out /  Change )

    Google photo

    You are commenting using your Google account. Log Out /  Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out /  Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out /  Change )

    Connecting to %s

    %d bloggers like this: