Wednesday, August 17, 2005

'Spear Phishing' Tests Educate People About Online Scams

WSJ.com: "To fight computer crime, the good guys are masquerading as bad guys pretending to be good guys.
In recent months, nearly 10,000 New York state employees have received email messages that appeared to be official notices asking them to click on Web links and provide passwords and other confidential information about themselves.
Those who complied received gentle slaps on the wrist from William Pelgrin, New York's chief information security officer, who explained that the seemingly authentic messages were crafted by state officials 'to demonstrate how realistic attackers' fake emails can seem.'
The exercise, along with similar ones conducted at the U.S. Military Academy at West Point, N.Y., and at least two other organizations, represents a new -- and controversial -- approach to fending off computer hackers. By using some of the same 'social engineering' techniques as the attackers, defenders hope to train users to be more careful about sharing sensitive information online. Mr. Pelgrin plans to brief officials from other states about the exercise in a conference call today.
'This is not a one-shot deal,' Mr. Pelgrin says. 'I've got to reinforce that behavioral change to make it permanent.'"
