The data breach follows an attack on the website of the country's ministry of defense and the alleged hijacking of the social media accounts of the current as well as a former head of state. Attackers reportedly hijacked the Facebook account of the incumbent President Santos and the Twitter account of former President Uribe. The Anonymous group reportedly carried out the attacks on the Independence Day of Colombia. They allegedly posted a link on the hijacked accounts that directed visitors to a video on YouTube. The attackers also posted the group's logo on the microblogging account of the former President.
Anonymous has been responsible for several attacks on government and corporate websites under the 'Anti Sec' campaign. The attacks come even after several arrests of alleged members of the cyber-attack group in the United States (U.S.), the United Kingdom (U.K.) and the Netherlands. The attack group even launched its own social media site following the closure of their Google+ account. However, a rival attack group was successful in hijacking the site.
Cyber-attackers dump the extracted information on file sharing sites or underground crime sites, providing an opportunity for other attackers and criminals to launch targeted attacks on individual and organizational accounts. Negligent practices, such as responding to unsolicited e-mails and using weak or common passwords, allow attackers to gain unauthorized access to user accounts and extract sensitive personal, financial, business or proprietary information. Cyber-attackers may also target counter crime officials to gain confidential information related to their associates currently under detention. Last year, cybercriminals created a fake account of the Interpol Chief on a social media site. Workshops, training programs and online degree courses may help counter crime personnel in understanding and improving cyber security practices.
Professionals qualified in masters of security science may help organizations make appropriate assessments of threats, address security lapses, and ensure implementation of IT security policies.
Governments must encourage online university degree programs on cyber security to improve awareness among netizens, students and working professionals.
A couple of weeks ago, Gmail released a new feature to boost its anti-phishing capabilities. Whenever you receive a message from a sender that you haven’t heard from before, they will show you the full email address:
Normally, you would just see the sender’s name. The way this works is that if you get an email from, say, the Bank of America, the Bank of America would be in the sender’s name and that’s it (so long as the sender can be verified by DKIM or SPF). Gmail is displaying the P2 From address:
“Bank of America”
The part in between the quotes is the sender’s name while the part between the angle brackets is the sender’s email address. This attempts to combat phishing when a spammer sends you a mail purportedly from the Bank of America but with a spoofed From address:
“Bank of America”
By showing you the full email address, Gmail hopes that some users will notice that the domain looks funny and will be suspicious of the sender even in the event that the spam filters don’t catch the message.
I’m not sure how effective the feature will be. I would guess that if most users are like me, they won’t bother reading about the feature (I didn’t until I did a Bing search for “Google anti-phishing”). Then, in their inboxes, they’ll notice that sometimes Gmail shows you the sender and sometimes it doesn’t. They’ll wonder why but won’t really notice for the most part, and won’t bother to look up why.
Will this keep people from falling for phishing? A really obvious spam email like ask32@rdc.ru might arouse suspicion, but noreplay@bank.america.rdc.com might not.
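The display decision described above, plus a check for the lookalike case, as an added example (not Gmail's code). The brand-to-domain table, the `known_senders` set, the `authenticated` flag and the last-two-labels domain rule are assumptions for illustration, and the `alerts@` address is constructed.

```python
from email.utils import parseaddr

# Assumed mapping of brand display names to their legitimate sending domains.
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}


def registrable_domain(addr):
    """Approximate the domain owner as the last two labels of the address.

    Simplification: production code should consult the Public Suffix List.
    """
    domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(domain.split(".")[-2:])


def render_sender(from_header, known_senders, authenticated):
    """Return what to display for a From header and whether to warn.

    known_senders: addresses the user has corresponded with (hypothetical store).
    authenticated: True if the message passed DKIM or SPF (checked elsewhere).
    """
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    owner = registrable_domain(addr)
    expected = BRAND_DOMAINS.get(name.strip().lower())
    # The display name claims a brand, but another domain owns the address.
    mismatch = expected is not None and owner not in expected
    familiar = authenticated and addr in known_senders
    if not name:
        shown = addr
    elif familiar and not mismatch:
        shown = name  # name only, as for a verified, familiar sender
    else:
        shown = f"{name} <{addr}>"  # unfamiliar sender: show the full address
    return {"shown": shown, "owner": owner, "brand_mismatch": mismatch}


if __name__ == "__main__":
    known = {"alerts@bankofamerica.com"}  # constructed sample data
    samples = [
        ('"Bank of America" <alerts@bankofamerica.com>', True),
        ('"Bank of America" <noreplay@bank.america.rdc.com>', False),
        ("ask32@rdc.ru", False),
    ]
    for header, auth in samples:
        print(render_sender(header, known, auth))
```

The lookalike address resolves to `rdc.com` as its owner, which is the detail a user scanning the full address is being asked to notice unaided.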
People fall for phishing scams for a couple of reasons:
1. Their emotions of fear (of not having money) are triggered, which interferes with their ability to think logically.
2. They lack the proper education to recognize phishing scams.

Google’s feature attempts to partially address point (2) – if a user has more information then they will be less likely to fall for scams. But information on its own isn’t that useful. Unless people know what to do with that information it won’t help because emotions are not logical at high levels of affect (that feeling of goodness or badness we get in response to all of life’s situations) and arousal.
What does help mitigate negative affect is education; it does this by keeping the emotional state at a lower level of arousal. At low and medium states of arousal, emotions act in an advisory role. At high levels, they can cause us to act in our own best interest. Education helps dampen their effect by causing us to attribute the phishing scam to a non-authoritative source. In other words, if you recognize a scam, you won’t fall for it because your emotions do not interfere with the logical part of your brain.
How could Google make this feature better? In their explanation of the feature, they should have an explanation of what phishing is and how they are working to combat it. They do say the following:
For example, if someone fakes a message from a sender that you trust, like your bank, you can use this information to see that the message is not really from your trusted sender.
That’s a good start, but we can improve it: A bank will be trusted whereas a phisher will send fake emails and they will ask you to click a link to fill out your information. If you see the email address, it is probably not from your bank. Don’t worry, report the message as spam. If you’ve clicked the link and filled it out, call your bank and tell them what you’ve done. And so forth.
It’s nice to see Google do stuff like this, and I’m sure that they are open to making stuff like this better.
