social engineering

Published on June 25, 2009 by Karen Letain in News

9 out of 10 email messages sent contain spam

I was digging through some blogs recently and happened upon an interesting post on the TechRepublic IT Security blog site tited:  Spam:  Previous record toppled. http://blogs.techrepublic.com.com/security/?p=1769

The opening line held my attention....Incredibly, out of every 10 e-mail messages sent nine contain spam and that’s a new record. Hard to actually believe it, isn't it?  The article goes on to detail which countries it comes from and the time of day that spam email is most prevalent. It does mention that the number of e-mail messages containing virus code has decreased to one in 317 e-mail messages and the number of e-mail messages containing phishing content is leveling off at one in 279 e-mail messages.

The article goes on to state that there’s a significant amount of spam (40%) being sent out by smaller and relatively unknown botnets. Also the people controlling these botnets seem to prefer using stolen Web-based e-mail accounts like Gmail for sending spam. The writier identified that a possible explanation for this is that using stolen Gmail accounts allow botmasters to apply spear phishing and social-engineering techniques on the specifically targeted organizations or individuals. This usually increases the success rate. Using Web-based e-mail accounts also increases the likelihood of getting to the intended victim since most administrators don’t filter e-mail emanating from sources like Gmail.

0 Comment

Published on June 04, 2009 by Karen Letain in News

To tweet or not to tweet

For anyone out there experimenting with Twitter, you are probably aware that with so few characters to use to tweet, you eventually need to look at using a Short URL service to direct your followers to what you want them to read or see.These Short URL services are great and guess what... they are free!  This seems great until you start thinking about potential security risks.  For companies with employees that are sneaking in a few tweets a day at work, those security issues could become a big problem.

Let's start by understanding that anyone following a Twitter account blindly, clicks on the Short URL without really knowing where they are being taken.  In other words, they have no clue of where the destination page is actually going. Which means...an attacker can tweet that he is linking to a new picture of a rare white moose, but instead they are sending the user to a website hosting malicious content.

Organizations need to educate their employees not only on the policies and risks regarding using social media and the potential hazards of social engineering at work, but should also make them aware that they need to pay close attention when using social media sites at home.

0 Comment