Wednesday, November 15, 2006

Spear Phishing?

"Security group ranks human error as top security worry" says this article on the Network World website.

My first reaction was a resounding "DUH!"

In this "spear phishing" experiment conducted on West Point Military Academy cadets (who should be really smart people), more than 80% fell for the trap by following a link from an unsolicited email to a website and following some sort of instructions. What's worse, 90% of freshman cadets clicked on the link, even after hours of computer security instruction.


Maybe I'm cold and heartless, but my faith in people to not do stupid things with their computers is somewhere around nonexistent.

Today, there are many hardware and software options available to protect computer users from having their machines compromised without their knowledge or interaction: anti-virus, anti-spyware, anti-this-that-and-the-other-thing. But there is nothing that will reliably protect people from themselves and their (our) own stupidity.

What's the saying? "Nothing is fool-proof to the creative fool," or something like that.

This is nothing like the spear fishing that you do on a frozen lake in northern Minnesota.


Pookie said...

Umm... that's a little bit disturbing.

mnthomp said...

Disturbing cuz you know that it would be easy to be tricked? Or because of the name?

I know that it would be very easy to fall for one of those. Especially if they hijacked a real email address from someone in the company. Oi. Scary.