Spear-Phishing Your Way to Online Safety?

by santonov on November 29th, 2006 in Industry and Security News.

In case you haven't seen it yet, the SANS Institute has come out with an updated Internet Security Attack Targets report and, no surprise here, phishing has made the top 20 list. What is a bit of a shocker is one of the methods that is recommended to combat spear-phishing attacks.

Unfamiliar with the term? Spear-phishing is a targeted phishing attack: spear-phishers target a group, fool you into thinking that someone inside the group sent an e-mail, and then try to get confidential information from you.

The SANS Institute says that the most promising way to stop these attacks is to let computer users experience them in a safe environment. In other words, fake phish.

"A child often learns not to touch a stove after he has burnt his finger. By making the phishing experience illuminating, but not too painful, you can get the same effect without doing real damage," the report says. The premise implies that we computer users are inexperienced and need to be taught a lesson in order to sense a scam. Then again, with online threats constantly adapting in order to find new ways to fool us, our misjudgement accounts for many security blunders.

When the U.S. Military Academy at West Point reportedly tried this method out, 90 percent of the cadets clicked a link inside a fake phishing e-mail, even after hours of computer security lessons!

The idea of "crying wolf" is still a little controversial to some, even if it is a means of keeping organizations safe from phishers.

Make sure you stay aware of the possibility of all kinds of online scams. A little suspicion about e-mails and instant messages could go a long way in keeping us safe - from online crime and from the shame of falling for fake phishing!