[AISWorld] Share Economy Goes B2B

MurphJen at aol.com MurphJen at aol.com
Sat Aug 20 19:27:28 EDT 2016


My point in bringing this up is that as a security researcher, teacher, and
consultant this email would have been flagged in my organization or I
would have hoped my people would have questioned it. I'm not accusing Eric of
anything but I did see an opportunity to bring up an issue we may want to
tackle. I was at the Black Hat security conference a couple of weeks ago
and attended a presentation on automated phishing. It was interesting that
the collected statistics on phishing are that spear phishing tends to be
about 45% effective, automated phishing 30% effective, and regular phishing a
percent or two effective.
 
Automated phishing uses bots to craft the email and send the attack.
Eric's email had many characteristics of such an attack:

The text content was short and was such that it cannot be said it was not
generated by a bot (or conversely it isn't certain that it was written by a
human)

The source of the email is a trusted list

The indicated author of the email is a trusted source

The link is a commonly used and mostly trusted source

The link has a slight deviation from the norm (youtu.be instead of youtube)

Note that the responses have indicated that youtu.be is perhaps an indirect
link or a draft link.

From a risk perspective I educate my users not to use that link as the
benefit is not there.
 
Why should we care? I use the resources aisworld sends out, I look at the
links, I use the files. I do pay attention to the risks. I recently
connected to my passport backup drive and two of the pdf files had malware in
them that was not detected when I first downloaded the files.

Ok, my point is we probably should have a policy on sending out links and
files. Of course I believe we are all sending out good stuff, I'm worried
about the automated attacks.

My proposal is that we need to write a more human email with the files and
links. I believe many of us are humble and so don't say much about
ourselves when we send out a resource, that is way too easy for a bot to imitate.
We need to include a little more discussion about specifics of ourselves,
how we are using the resource, etc. This will help readers determine if a
real person is sending out the resource. Additionally, only send links in
standard formats as automated defenses may block the email before it gets
to the user or the user will hopefully notice something is different. Of
course you should also scan the resource before opening, and if in doubt
about a url, ask.

Yes, it's a Saturday and maybe getting worked up about nothing but I believe
we all have seen the clumsy phishing attempts on aisworld, this was the
first that to me looked like an automated phishing attack.....murray.
 
 
In a message dated 8/20/2016 1:54:09 P.M. Pacific Daylight Time,
brian.dobing at uleth.ca writes:

The youtu.be (with the extra dot in it) is sometimes used for draft videos
before general release. Recently my wife received a video of a conference
presentation with this type of URL and it worked fine.

Of course, that doesn't mean that all youtu.be stuff is legitimate but it
certainly isn't all dangerous.

Brian Dobing

-----Original Message-----
From: AISWorld [mailto:aisworld-bounces at lists.aisnet.org] On Behalf Of
MurphJen at aol.com
Sent: August 20, 2016 2:13 PM
To: Eric.Johnson at owen.vanderbilt.edu; aisworld at lists.aisnet.org
Subject: Re: [AISWorld] Share Economy Goes B2B

I'm not positive that the below link is false and will load malware but I
do hope everyone noticed the problem with the address before going to it.

I have not found a youtube video with an address that includes youtu.be in
it. I haven't found the video by searching Youtube yet. Again, I'm not
saying this is a phishing attempt but it does show how careful and
observant you need to be and to not just trust the aisworld list for links...murray


In a message dated 8/20/2016 6:38:25 A.M. Pacific Daylight Time,
Eric.Johnson at owen.vanderbilt.edu writes:

See how the share economy is evolving from consumer apps like Uber and
Airbnb to business ventures throughout the supply chain (from MSOM 2016
Conference): https://youtu.be/4qQK01OL8FM

_______________________________________________
AISWorld   mailing   list
AISWorld at lists.aisnet.org
