Network Security News

Employees have high fail rate at detecting phishing scams

Monday, September 14, 2009

Some companies hire outside IT security firms to conduct social engineering tests on their employees' response to phishing emails and other scams. The results are not very encouraging for corporate network security.

One such testing firm, Redspin, said it has conducted hundreds of social engineering assessments for corporations and financial institutions which included telephone based password acquisition, email phishing and thumb drive drops.

For email phishing, Redspin reports a 22 percent failure rate among employees. Phone phishing gets an even higher failure rate of 53 percent. At the organization level, 94 percent of all companies had at least one employee respond to phishing email, while 72 percent of companies had at least one worker get fooled by phone phishing.

One of the social engineering tests performed by Redspin involves giving away free thumb drives, which hackers can use to spread malware and spyware.

Last month, the National Credit Union Administration (NCUA) reported that member credit unions were receiving packages purporting to come from NCUA containing CD-ROMs containing malware.

It turned out the CD-ROMs were sent by a firm called Microserved, which was authorized to test credit unions for their response to such a real attack.

ADNFCR-1765-ID-19359499-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now