Think you're too smart to be fooled by a phisher? Think again.
By Dan Goodin
There has been a recent flurry of phishing attacks so surgically
precise and well-executed that they've managed to fool some of the
most aware people working in the cybersecurity industry. On Monday,
Tuesday, and Wednesday, two-factor authentication provider Twilio,
content delivery network Cloudflare, and network equipment maker Cisco
said phishers in possession of phone numbers belonging to employees
and employee family members had tricked their employees into revealing
their credentials. The phishers gained access to internal systems of
Twilio and Cisco. Cloudflare's hardware-based 2FA keys prevented the
phishers from accessing its systems.
https://arstechnica.com/information-technology/2022/08/im-a-security-reporter-and-got-fooled-by-a-blatant-phish/
************************* Moderator's Note *************************
Don't laugh: it happened to me. I managed to avoid a phishing scam
that /almost/ got me to enter my PayPal password on a site which
turned out to be in Mali, but after I patted myself on the back, I
realized that I had already entered my debit card number before being
"transferred to PayPal to complete the payment." You would not believe
how hard it is to get a debit card cancelled on a Saturday evening!
But, this isn't about a single near-miss. The problem is that our
entire banking system has been denuded of human interaction and
face-to-face recognition. Passing a forged check to a real person is
very difficult, and it used to be that the only way to do banking
fraud was to convince real people that you were something you were
not. For practical purposes, that used to be "good enough" security.
No money lost (thank Ghod for online cancellation options), but
lesson learned: your greatest security weakness is yourself.