Category: phishing

Auto Added by WPeMatico

Why Take9 Won’t Improve Cybersecurity

Posted on By infossl
computer security, phishing, psychology of security, security awareness, Security technology, Uncategorized

There’s a new cybersecurity awareness campaign: Take9. The idea is that people—you, me, everyone—should just pause for nine seconds and think more about the link they are planning to click on, the file they are planning to download, or whatever it is they are planning to share. There’s a website—of course—and a video, well-produced and … Read More “Why Take9 Won’t Improve Cybersecurity” »

Device Code Phishing

Posted on By infossl
authentication, authorization, phishing, russia, Security technology, Uncategorized

This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it … Read More “Device Code Phishing” »

AI Will Increase the Quantity—and Quality—of Phishing Scams

Posted on By infossl
artificial intelligence, LLM, phishing, Security technology, Uncategorized

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review: Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of … Read More “AI Will Increase the Quantity—and Quality—of Phishing Scams” »

X.com Automatically Changing Link Text but Not URLs

Posted on By infossl
domain names, phishing, Security technology, twitter, Uncategorized

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL. So if you were a clever phisher and registered fedetwitter.com, people would … Read More “X.com Automatically Changing Link Text but Not URLs” »

LLMs and Phishing

Posted on By infossl
ChatGPT, essays, machine learning, phishing, scams, Security technology, Uncategorized

Here’s an experiment being run by undergraduate computer science students everywhere: Ask ChatGPT to generate phishing emails, and test whether these are better at persuading victims to respond or click on the link than the usual spam. It’s an interesting experiment, and the results are likely to vary wildly based on the details of the … Read More “LLMs and Phishing” »