“Google Docs” Worm Ransacks Gmail Users’ Contact Lists – What You Need to Know

There are numerous articles filling up RSS feeds and inboxes this morning covering the Google Docs phishing incident that came to light yesterday.  I have personally seen this phish in the wild with a few people and it is quite convincing.  One of the more interesting angles to this story is the possible truth that this was a graduate project and in no way malicious.

Setting that possibility aside, the potential impact of such an effective phish in the hands of a cyber criminal should give all of us pause.  Hoping for the best, we should use this incident as a training mechanism, explaining to users what the implications are of clicking on and/or authorizing access to online information.  Take the time this morning to review your Google permissions and tell a friend to do the same.

https://www.tripwire.com/state-of-security/security-data-protection/google-docs-worm-ransacks-gmail-users-need-know/

https://nakedsecurity.sophos.com/2017/05/04/student-claims-google-docs-blast-was-a-test-not-a-phishing-attempt/

Half of IT Pros Say Insider Threats Are a Bigger Concern Than Hackers

I would place myself in the category of someone who believes the insider threat is the biggest risk to an organization, but with a strong clarification.  Insider threats are threats that are caused by humans – human error, socially engineered staff, and users with malicious intent.  People will make mistakes and no amount of technology can fully prevent those errors.  We must train our users thoroughly and often and we must prepare for the inevitable mistakes that will happen.

http://www.infosecurity-magazine.com/news/half-of-it-pros-say-insider/