Security's Everyman

Security's Everyman

Friday, October 05, 2007

Oh, You Sad, Sad, Little Man

I hope that none of my readers take this personally. Actually, I hope (and really believe) that none of my readers would fall for this. I know that there are lonely people out there who want and need love and attention, but really now, the Internet (at least not via a unsolicited email) is not the place to find it. It's hard to believe that people actually fall for this kind of stuff. It reminds me of a scam that was going around in the late 90's where you would receive an email saying that someone had a crush on you and it was your job to guess who it was. It would take you to a site where you would put in their email address and press "submit". If the email address was right then they sent you the message from them. If it was wrong then you were prompted to enter another address. Needless to say you were never right. It was just a way to harvest email addresses for other malicious purposes.

I love this quote from the article.

"It's a pretty sad state of affairs that cybercriminals need little more than a picture of a blonde woman with pigtails to steal passwords from unwary internet users."

This goes back to how do we as security professionals address this? Hopefully within our organizations we have the policies and controls in place to deal with and prevent this, but what about when your employee goes home. We have to remember that bad practices at home will lead to bad practices at work and technology won't always prevent human error. Educating your employees on how to be safe online at home is just as important as being safe at work. Especially in today's world where more and more people are working remotely. A compromised home PC that connects to the network via VPN is just like having a compromised PC in your office.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.