Posted by: Troy Tate
infosec, infosec awareness, phishing, security education, social engineering, ssl certificates
In every employee meeting where I have an opportunity to speak about information security, I bring up the topic of phishing. Phishing is one of the biggest threats in information security today. Social engineering seems to be more prevalent, and harder to detect, than ever and we all have to be vigilant to protect ourselves and others. I say protecting others – by this I am referring to those social engineering attacks which result in a system getting compromised with a bot that then attacks other systems.
However, I digress from the purpose of this posting. I was recently made aware of a good phishing awareness education website. Even though the website is an advertisement by Verisign, it still has a good message for the general consumer and computer user population. The website presents 5 good websites and 5 phishing websites. The visitor is requested to decide which is the real website and which is the phishing website. It’s not easy to determine in some cases. In fact, the phishing websites get “better” as you go through the quiz. The quiz runs a second time though the 5 websites using Verisign “Extended Validation SSL” certificates on the good sites. TIP: watch for the green address bar. I would recommend that you take a few minutes, run through this quiz yourself and see how you do. Share the quiz with co-workers and family members. Visit Verisign’s Phish or No-Phish quiz and see how you do.
Folks, phishing is a real threat. The “bad” websites are getting “better” every day. Education, awareness and attention to detail may be the only way you prevent being directly affected by this threat. Thanks for reading & let’s continue to be good network citizens!