[AISWorld] Share Economy Goes B2B
MurphJen at aol.com
Sat Aug 20 19:27:28 EDT 2016
My point in bringing this up is that as a security researcher, teacher, and
consultant, this email would have been flagged in my organization or I
would have hoped my people would have questioned it. I'm not accusing Eric of
anything, but I did see an opportunity to bring up an issue we may want to
tackle. I was at the Black Hat security conference a couple of weeks ago
and attended a presentation on automated phishing. It was interesting that
the collected statistics on phishing are that spear phishing tends to be
about 45% effective, automated phishing 30% effective, and regular phishing a
percent or two effective.
Automated phishing uses bots to craft the email and send the attack.
Eric's email had many characteristics of such an attack:
- The text content was short and was such that it cannot be said it was not
  generated by a bot (or conversely it isn't certain that it was written by a
  human)
- The source of the email is a trusted list
- The indicated author of the email is a trusted source
- The link is a commonly used and mostly trusted source
- The link has a slight deviation from the norm (youtu.be instead of youtube)
Note that the responses have indicated that youtu.be is perhaps an indirect
link or a draft link.
From a risk perspective I educate my users not to use that link as the
benefit is not there.
Why should we care? I use the resources aisworld sends out, I look at the
links, I use the files. I do pay attention to the risks. I recently
connected to my passport backup drive and two of the PDF files had malware in
them that was not detected when I first downloaded the files.
OK, my point is we probably should have a policy on sending out links and
files. Of course I believe we are all sending out good stuff, I'm worried
about the automated attacks.
My proposal is that we need to write a more human email with the files and
links. I believe many of us are humble and so don't say much about
ourselves when we send out a resource, that is way too easy for a bot to imitate.
We need to include a little more discussion about specifics of ourselves,
how we are using the resource, etc. This will help readers determine if a
real person is sending out the resource. Additionally, only send links in
standard formats as automated defenses may block the email before it gets
to the user or the user will hopefully notice something is different. Of
course you should also scan the resource before opening, and if in doubt
about a url, ask.
Yes, it's a Saturday and maybe getting worked up about nothing but I believe
we all have seen the clumsy phishing attempts on aisworld, this was the
first that to me looked like an automated phishing attack.....murray.
In a message dated 8/20/2016 1:54:09 P.M. Pacific Daylight Time,
brian.dobing at uleth.ca writes:
The youtu.be (with the extra dot in it) is sometimes used for draft videos
before general release. Recently my wife received a video of a conference
presentation with this type of URL and it worked fine.
Of course, that doesn't mean that all youtu.be stuff is legitimate but it
certainly isn't all dangerous.
Brian Dobing
-----Original Message-----
From: AISWorld [mailto:aisworld-bounces at lists.aisnet.org] On Behalf Of
MurphJen at aol.com
Sent: August 20, 2016 2:13 PM
To: Eric.Johnson at owen.vanderbilt.edu; aisworld at lists.aisnet.org
Subject: Re: [AISWorld] Share Economy Goes B2B
I'm not positive that the below link is false and will load malware but I
do hope everyone noticed the problem with the address before going to it.
I have not found a youtube video with an address that includes youtu.be in
it. I haven't found the video by searching Youtube yet. Again, I'm not
saying this is a phishing attempt but it does show how careful and
observant you need to be and to not just trust the aisworld list for links...murray
In a message dated 8/20/2016 6:38:25 A.M. Pacific Daylight Time,
Eric.Johnson at owen.vanderbilt.edu writes:
See how the share economy is evolving from consumer apps like uber and
airbnb to businesses ventures throughout the supply chain (from MSOM 2016
Conference): https://youtu.be/4qQK01OL8FM
_______________________________________________
AISWorld mailing list
AISWorld at lists.aisnet.org