Phishing for beer

Security researchers have identified several commonly used phishing attack vectors to lure unsuspecting users into a false sense of security, where they inadvertently give away personal information to complete strangers.

“Vishing” is the use of voicemail to solicit a return call in which a user is convinced to share personal information.

“Smishing” is when SMS text messages intended to lure recipients into clicking on a link that can lead to a webpage designed to steal credentials.

Pishing is when you get fed plenty of booze and then start mouthing-off, reveal a few secrets, passwords and PINs, tell your best mate and everyone around how much you love them and get up close and personal with the pub floor before being bundled into a cab.

Thanks to the ubiquity of mobile communications, if an IT admin find himself or herself in such a predicament, the logical course of action is to attempt to log into the corporate network over a secure connection and change the admin password real quick.

In our experience, this is easier said than done: cabs don’t seem to stay still for long enough for you to focus your fingers on the QWERTY touchscreen keyboard. Never mind, eh? Now is a perfect opportunity to tell the IT helpdesk how much you love them.

Content Continues Below

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Good post, Cliff...we need more visibility in this area. There are still too many users (IT staff included) falling for these attacks and carelessly giving up information. I'm finding in about 25% of my email phishing testing that IT staff are clicking links and, in certain cases, providing their login credentials or downloading files that could have been malicious. Crazy stuff!

Here are some pieces I've written on the subject of email phishing for additional reading if anyone is interested.