One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 409839 |
| Date de publication | 2017-09-20 08:27:57 (vue: 2017-09-20 08:27:57) |
| Titre | NBlog September 20 - Phishing awareness & cultural change |
| Texte |  This plopped into my inbox last evening at about 8pm, when both ANZ customers and the ANZ fraud and security pros are mostly off-guard, relaxing at home. It's clearly a phishing attack, obvious for all sorts of reasons (e.g. the spelling and grammatical errors, the spurious justification and call to action, the non-ANZ hyperlink, oh and the fact that I don't have an ANZ account!) - obvious to me, anyway, and I hope obvious to ANZ customers, assuming they are sufficiently security-aware to spot the clues.I guess the phishers are either hoping to trick victims into disclosing their ANZ credentials directly, or persuade them to reveal enough that they can trick the bank into accepting a change of the mobile phone number presumably being used for two-factor authentication, or for password resets.Right now (8 am, 12 hours after the attack) I can't see this particular attack mentioned explicitly on the ANZ site, although there is some basic guidance on "hoax messages" with a few other phishing examples. The warnings and advice are not exactly prominent, however, so you need to go digging to find the information, which means you need to be alert and concerned enough in the first place, which implies a level of awareness - a classic chicken-and-egg situation. I presume ANZ has other security awareness materials, advisories and reminders for customers. If not, perhaps we can help!Aside from the authentication and fraud angle, I'm interested in the cultural aspects. Down here in NZ, people generally seem to be quite honest and trusting: it's a charming feature of the friendly and welcoming Pacific culture that pervades our lives. Given its size and history, things may be different in Australia - I don't know. But I do know that phishing and other forms of fraud are problematic in NZ. The Pacific culture is changing, becoming more careful as a result of these and other scams, but very slowly. Increasing distrust and cynicism seems likely to knock the corners off the charm that I mentioned, with adverse implications for tourism and commerce - in other words cultural changes can create as well as solve problems. The same issue applies within organizations: pushing security awareness will lead (eventually, if sustained) to changes in the corporate culture, only some of which are beneficial. It's possible to be too security-conscious, too risk-averse, to the point that it interferes with business. October's awareness seminar and briefings for management will discuss a strategic approach ai |
| Envoyé | Oui |
| Condensat | the 8pm about accepting account action adverse advice advisories after aiming alert all although angle anyway anz applies approach are aside aspects assuming attack australia authentication averse aware awareness bank basic becoming being beneficial between both briefings business but call can careful change changes changing charm charming chicken classic clearly clues commerce concerned conscious corners corporate create credentials cultural culture customers cynicism different digging directly disclosing discuss distrust don down egg either enough errors evening eventually exactly examples explicitly extremes fact factor feature find first forms fraud friendly from generally given grammatical guard guess guidance guide has have help here history hoax home honest hope hoping hours however hyperlink implications implies inbox increasing information interested interferes issue its justification knock know last lead level likely lives management materials means mentioned messages metrics mobile more mostly nblog need non not now number obvious october off only organization organizations: other pacific particular password people perhaps persuade pervades phishers phishing phone place plopped point possible presumably presume problematic problems process prominent pros pushing quite reasons relaxing reminders resets result reveal right risk same scams security see seem seems seminar september settle site situation size slowly solve some somewhere sorts spelling spot spurious strategic sufficiently suitable sustained sweet them these things may too tourism trick trusting: two used using very victims warnings welcoming well when which will within words |
| Tags | Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.