If you are a DocuSign user, please be aware of this threat and educate your end users accordingly.
There are numerous articles filling up RSS feeds and inboxes this morning covering the Google Docs phishing incident that came to light yesterday. I have personally seen this phish in the wild with a few people and it is quite convincing. One of the more interesting angles to this story is the possible truth that this was a graduate project and in no way malicious.
Setting that possibility aside, the potential impact of such an effective phish in the hands of a cyber criminal should give all of us pause. Hoping for the best, we should use this incident as a training mechanism, explaining to users what the implications are of clicking on and/or authorizing access to online information. Take the time this morning to review your Google permissions and tell a friend to do the same.
Yet another example that size does not matter – even the big boy tech companies are susceptible to phishing and cyber theft.
Now that we are in the heart of US tax season, these tips surrounding tax related phishing lures are timely and valuable. Please take the time to review and share.
This is in no way surprising and adds weight to the constant argument for more awareness training.
I agree that there must be a balanced approach to dealing with phishing. There is no silver bullet. Where we fail is when we assume one piece of technology or one training technique will solve the problem.
This article begs the question – how good is your security awareness training?
I would place myself in the category of someone who believes the insider threat is the biggest risk to an organization, but with a strong clarification. Insider threats are threats that are caused by humans – human error, socially engineered staff, and users with malicious intent. People will make mistakes and no amount of technology can fully prevent those errors. We must train our users thoroughly and often and we must prepare for the inevitable mistakes that will happen.
Social engineering is real and a first line of defense problem for most organizations. This is yet another strong example of the damage that can be inflicted through a well-placed scam.
This is so much truth in this article from Tripwire and it really speaks to human nature and phishing schemes are so effective. It is well worth a read as a reminder to why end user awareness training is so important.