3 June 2016 at 9:29am
It's relatively common for incident response teams, in scanning the web for information about threats to their constituencies, to come across dumps of usernames and passwords. Even if the team can work out which service these refer to [*], it's seldom clear whether they are the result of current phishing campaigns, information left over from years ago, or even fake details published by intruders who want to inflate their claims.
29 February 2016 at 2:32pm
About a year ago I published links to a couple of videos on raising awareness of phishing:
12 August 2015 at 2:52pm
Recently I had a thought-provoking discussion on Twitter (thanks to my guides) on the practice of setting your users phishing tests: sending them e-mails that tempt them to do unsafe things with their passwords, then providing feedback. I've always been deeply ambivalent about this. Identifying phishing messages is hard (see how you do on OpenDNS's quiz), and creating "teachable moments" may well be a good way to help us all learn.
11 December 2012 at 11:16am
Some interesting analysis was presented by Pat Cain at the FIRST conference on trends from APWG (Anti-Phishing Working Group) data including their six-monthly surveys of domain names used in phishing campaigns.