Technical and security employees at financial institutions fall for phishing scams. They would continue doing so even if their mandatory training about phishing included catchy rap remixes.
Given that we're in a threat environment where the adversary will *routinely* have the username and password, we probably have to design financial institutions' systems and processes to not mean "If the attacker has the password, they get all the money."
And there's a material regulatory/political question here, too, in the same way that there was a regulatory/political question on where to allocate losses in the case of e.g. loss of payments credentials, which was resolved definitively (in the US at least) by political process.