UAB Medicine, like shooting phish in a barrel

Want to get info on almost 20,000 patients? Just send email "…to employees [pretending] to be an executive asking them to fill out a survey." As part of the survey, ask for their username and password. Think people are smart enough to see through this? Think again. According to bleeping computer.com (read the story here), "some" fell for it. The UAB CISO Rob Ferrill hasn't even created either a DMARC or an SPF record. My my my.

Mad Max
CISO Career Advisor

#robferrill #uabmedicine #dmarc #databreach #phishing