[AISWorld] Share Economy Goes B2B

MurphJen at aol.com MurphJen at aol.com
Sat Aug 20 19:34:56 EDT 2016


One other quick point I forgot to mention, the use of an intermediate
url/website is one of the most common ways to attack and send malware, hence my
concern over such a little thing like youtu.be
 
 
In a message dated 8/20/2016 4:27:28 P.M. Pacific Daylight Time,  
MurphJen at aol.com writes:

My point in bringing this up is that as a security researcher, teacher,
and consultant this email would have been flagged in my organization or I
would have hoped my people would have questioned it. I'm not accusing Eric of
anything but I did see an opportunity to bring up an issue we may want to
tackle. I was at the Black Hat security conference a couple of weeks ago
and attended a presentation on automated phishing. It was interesting that
the collected statistics on phishing are that spear phishing tends to be
about 45% effective, automated phishing 30% effective, and regular phishing a
percent or two effective.
 
Automated phishing uses bots to craft the email and send the attack.
Eric's email had many characteristics of such an attack:
 
The text content was short and was such that it cannot be said it was not
generated by a bot (or conversely it isn't certain that it was written by a
human)
 
The source of the email is a trusted list
 
The indicated author of the email is a trusted source
 
The link is a commonly used and mostly trusted source
 
The link has a slight deviation from the norm (youtu.be instead of youtube)
 
Note that the responses have indicated that youtu.be is perhaps an
indirect link or a draft link.
 
From a risk perspective I educate my users not to use that link as the
benefit is not there.
 
Why should we care? I use the resources aisworld sends out, I look at the
links, I use the files. I do pay attention to the risks. I recently
connected to my passport backup drive and two of the pdf files had malware in
them that was not detected when I first downloaded the files.
 
Ok my point is we probably should have a policy on sending out links and
files. Of course I believe we are all sending out good stuff, I'm worried
about the automated attacks.
 
My proposal is that we need to write a more human email with the files and
links. I believe many of us are humble and so don't say much about
ourselves when we send out a resource, that is way too easy for a bot to
imitate. We need to include a little more discussion about specifics of
ourselves, how we are using the resource, etc. This will help readers
determine if a real person is sending out the resource. Additionally, only
send links in standard formats as automated defenses may block the email
before it gets to the user or the user will hopefully notice something is
different. Of course you should also scan the resource before opening, and
if in doubt about a url, ask.
 
Yes it's a Saturday and maybe getting worked up about nothing but I believe
we all have seen the clumsy phishing attempts on aisworld, this was the
first that to me looked like an automated phishing attack.....murray.
 
 
In a message dated 8/20/2016 1:54:09 P.M. Pacific Daylight Time,  
brian.dobing at uleth.ca writes:

The youtu.be (with the extra dot in it) is sometimes used for draft videos
before general release. Recently my wife received a video of a conference
presentation with this type of URL and it worked fine.

Of course, that doesn't mean that all youtu.be stuff is legitimate but it
certainly isn't all dangerous.

Brian Dobing

-----Original Message-----
From: AISWorld [mailto:aisworld-bounces at lists.aisnet.org] On Behalf Of MurphJen at aol.com
Sent: August 20, 2016 2:13 PM
To: Eric.Johnson at owen.vanderbilt.edu; aisworld at lists.aisnet.org
Subject: Re: [AISWorld] Share Economy Goes B2B

I'm not positive that the below link is false and will load malware but I
do hope everyone noticed the problem with the address before going to it.

I have not found a youtube video with an address that includes youtu.be in
it. I haven't found the video by searching Youtube yet. Again, I'm not
saying this is a phishing attempt but it does show how careful and
observant you need to be and to not just trust the aisworld list for links...murray


In a message dated 8/20/2016 6:38:25 A.M. Pacific Daylight Time,
Eric.Johnson at owen.vanderbilt.edu writes:

See how the share economy is evolving from consumer apps like Uber and
Airbnb to business ventures throughout the supply chain (from MSOM 2016
Conference): https://youtu.be/4qQK01OL8FM

_______________________________________________
AISWorld   mailing   list
AISWorld at lists.aisnet.org
