Top phishing subject lines and big Facebook "data exhaust" warning!

My, what a busy Friday. Given that phishing is the number one way bad guys get into your cyber assets, I'm intrigued by the top dozen subject lines used (see ZDNet article here). According to Barracuda, they are:
  1. Follow up
  2. Urgent/Important
  3. Are you available?/Are you at your desk?
  4. Payment Status
  5. Hello
  6. Purchase
  7. Invoice Due
  8. Re:
  9. Direct Deposit
  10. Expenses
  11. Payroll
Almost all of these will have some kind of attachment you need to open. Most of us with a three-digit IQ have already put rules into our email systems that combine these with tests for attachments and other key words to drop them into a junk folder. However, it's the harried two-digit IQ population these phishing emails are intended to attack. A smart CISO will dream up some company-wide procedures to mitigate against morons. And yeah I know: "You can lead a moron to water, but they'll always go for the free Kool Aid nearby."
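A minimal sketch of the kind of mail rule described above, added here as an example (it is not from this post, ZDNet or Barracuda): it matches the normalized subject against the list and routes a message to junk only when an attachment is also present. The function names, the "review" verdict for listed subjects without attachments, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines from the Barracuda list above, lowercased, trailing punctuation
# dropped; "Urgent/Important" and the "Are you ..." pair are split into entries.
LISTED = {"follow up", "urgent", "important", "are you available",
          "are you at your desk", "payment status", "hello", "purchase",
          "invoice due", "re:", "direct deposit", "expenses", "payroll"}
PREFIX = re.compile(r"^((re|fwd|fw)\s*:\s*)+", re.I)

def normalize(subject):
    """Collapse whitespace, lowercase, drop Re:/Fwd: prefixes and end punctuation."""
    s = " ".join(subject.split()).lower()
    core = PREFIX.sub("", s).strip(" !?.")
    return core or s  # a bare "Re:" stays "re:", which is itself on the list

def classify(raw):
    """Return 'junk', 'review' or 'inbox' for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)  # decodes RFC 2047 subjects
    listed = normalize(msg["Subject"] or "") in LISTED    # exact match, not substring
    has_attachment = any(True for _ in msg.iter_attachments())
    if listed and has_attachment:
        return "junk"
    # Assumption: a listed subject with no attachment is flagged, not dropped.
    return "review" if listed else "inbox"

def build(subject, filename=None):
    """Constructed sample message, used only to exercise classify()."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Please see below.")
    if filename:
        m.add_attachment(b"constructed sample bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, att in [("RE: Invoice Due", "invoice.zip"), ("Are you available?", None),
                      ("Re:", "scan.html"), ("Q3 roadmap notes", "roadmap.pdf")]:
        print(f"{subj!r:24} attachment={att!s:12} -> {classify(build(subj, att))}")
```

Exact matching on the normalized subject keeps ordinary mail such as "Hello from the conference team" out of the junk folder, at the cost of missing subjects that merely contain a listed phrase.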

Troubling Data Exhaust at Facebook

Today's LinkedIn "Daily Rundown" had a profound whammy. I will paste it here just as I got it:
Facebook employees were able to see “hundreds of millions” of user passwords because they weren’t encrypted, the social media giant confirmed. It says it will notify up to 600 million users of Instagram, Facebook Lite and other programs of the lapse, adding there is no evidence the data was abused. The company, which has faced a number of privacy scandals in recent years, says the passwords may have been exposed for up to seven years. 
WTF! Six-hundred-million unencrypted passwords exposed for up to seven years. Oh comrade, can you say "Election tampering on a personal and massive scale?" Even the Mad Max penchant for creative profanity cannot rise to a standard demanded by this news.
