Hacker News new | ask | show | jobs
by SaltyLemonZest 2150 days ago
The question isn't how you and I can individually avoid being spear phished, but what policies can be implemented across an organization to prevent it. Even the most trusted security teams aren't going to be allowed to summarily fire everyone who fails the test.

I also think this is a much stricter standard than you're recognizing. In my company's last spearphishing test, they sent out a link purporting to be a company survey immediately after an all-hands meeting announcing there'd be a survey (the real survey link came a few hours later). Expecting that nobody will be distracted enough to fall for such a thing seems unrealistic no matter how well you train them.
3 comments
lopmotr 2150 days ago
Just wondering if employees failed the test just by clicking on the link or if they had to actually enter some passwords or confidential information on the fake survey site. I wouldn't think clicking a link then looking at the address bar and seeing the domain name is wrong, then closing the page would be a problem, would it?
link
SaltyLemonZest 2149 days ago
We got judged on both. Most security teams in my experience feel that even clicking on the link is a big risk, although I've never read a more detailed explanation of why than "oh there might be a 0-day".
link
souprock 2141 days ago
I've seen that. It was funny.

The corporate security team sent out the email. It had a link with no actual content, giving an error, but that got you on the list of people with bad security behavior.

The trouble at my office was that most employees were highly capable security researchers. These are people who reverse engineer malware for pay and for fun. Of course they eagerly attempted to download from the link! They wanted fresh new malware. People would typically download via wget in a virtual machine on a PC without important data.

link
vangelis 2149 days ago
Jeez, what's next, seeing how the NOC handles a (fake) hostage situation?
link
wolco 2150 days ago
Disable links in emails by default goes a long way.
link
caskstrength 2150 days ago
How would this work? I get emails like "you have been added to <link> gerrit review" and "<link> Redmine issue was updated" several time a day and I need to open these links.
link
wolco 2149 days ago
The links become text and you would copy and paste. That's how thunderbird does it.
link