Modern spearphishing is *really* good. When high-end hackers come for you, you will 100% fall for it. It's not a matter of being "smart" or training not to click the link. You set up countermeasures via 2FA or Yubikeys, or you are 100% trusting to chance that you never get targeted.
Seriously. Look. Just look at it. This is the email Podesta was sent. You're probably thinking "wow how come Google algorithms didn't catch this email, it's right there asking for your password?". Because the letters aren't English to trick the filters. Hackers are smart. pic.twitter.com/6fDGvjsVD8
And then he landed on this page. Look!
* URL looks a lot like myaccount,google,com. You have to look close to see it's not.
* Prepopulated his account name + picture.
When. They. Come. You. Will. Fall. You put in 2FA countermeasures, or it's blind luck your emails aren't online pic.twitter.com/Xv0HJgof86
And it's not just a couple of emails. Your personal email is where "forgot my password" reset emails get sent. Once your home email account falls, all your online identities get pwned all in one fell swoop. Podesta didn't just lose his email in that hack https://twitter.com/pwnallthethings/status/786587027202375680 …
"But I'm not important enough to hack" Stop. Last year FBI prosecuted a guy who compromised 1000+ accounts, used that access to reset pwds to cloud accounts and searched for cloud-synced intimate pictures. You don't have to be "important" to be targeted. https://www.justice.gov/usao-sdny/pr/individual-who-compromised-over-1000-email-accounts-new-york-city-university-pleads …
Today's the day you should enable 2FA on your home account. Or if you use Gmail, their Advanced Account Protection. No day better than today to do it. Go do it now.
-
They defend against phishing, not malware.
-
Ironically government officials and registered candidates are barred for Google’s Advanced Protection Kit pic.twitter.com/yg4WixBcQN
-
Maybe to comply with campaign donations regulation?
