a) This is hilarious. b) It is not entirely obvious to me whether society should prefer making fun of users who fall for phishing, which includes ~everyone, or well-resourced firms should Sorry I Can't Let You Do That more frequently as part of their anti-fraud/crimes missions. https://twitter.com/stucchio/status/1153396044950048768 …
Technical and security employees at financial institutions fall for phishing scams. They would continue doing so even if their mandatory training about phishing included catchy rap remixes.
Given that we're in a threat environment where the adversary will *routinely* have the username and password, we probably have to design financial institutions' systems and processes to not mean "If the attacker has the password, they get all the money."
And there's a material regulatory/political question here, too, in the same way that there was a regulatory/political question on where to allocate losses in the case of e.g. loss of payments credentials, which was resolved definitively (in the US at least) by political process.