Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Jun 10, 2011

Tackling social engineering attacks with technology

Spear-phishing email attacks are a serious concern, a risk that is probably increasing.  The attacks work by fooling victims into doing something inapppropriate/unwise, such as visiting a dodgy website or opening a dodgy attachment.  'Fooling victims' is the crux of it, and email is just one of many possible ways of perpetrating the fraud.  The 'spear' part of the name refers to messages that narrowly target specific individuals, using information about them or their interests to hook them.

The most obvious way to tackle the spear phishing threat is to explain it, help potential victims limit the amount of potential lure material they release, recognize when they are being speared, and show them how to respond.  Security awareness in other words.  It's what we do.  Anti-malware is another part of the defense, along with various other security controls to limit the damage after a victim is fooled.

And now, if you have $130-150k to spare, you can even buy an "appliance" to detect and block spear phishing emails.

Golly.  How much awareness could one buy for $130-150k?  It had better be good!

Regards,
Gary (Gary@isect.com)