The Associated Press reports that the FBI failed to warn government officials who were being targeted by Russian spearphishing attacks. One wonders what such a warning would say. The FBI could revise the common warning, "Don't open suspicious emails." to "You are the target of an attack, don't open suspicious emails from Russians." Of course, a hallmark of Russian attacks is that they are well-crafted to be non-suspicious. Such warnings offer little assistance in actually performing the task of spotting deceptive Russian emails. SP Guard helps users avoid deceptive emails.
New research from Google, U.C. Berkeley and International Computer Science Institute made this stunning finding: We find victims of phishing are 400x more likely to be successfully hijacked compared to a random Google user. In comparison, this rate falls to 10x for data breach victims and roughly 40x for keylogger victims. This just examined one problem -- stolen credentials. Now consider how this applies to installing ransomware and malware, abuse of native processes, human misdirection of files (such as sending payroll tax returns in response to phishing) and the Business Email Compromise. Interestingly, the researchers do not ask why phishing [...]