Dr. Dave has a PHD in mechanical engineering. Saying stuff like your comment makes you appear foolish.
Dr Dave not on Youtube anymore?
- Thread starter heltok
- Start date
Zerksies
Well-known member
I have one in Computer Science what's your point?
Shutup, stoopid!
The point has already been made, most of us think you behave like a jerk. For someone so confident in their own intelligence, I'd hope you already got that point, and please don't reply with "have you ever heard of sarcasm," we all have...
Having a strong password is only good if you don't fall victim to a credential harvesting phish. Even 2FA might not protect you from this...
EvilProxy Commodifies Reverse-Proxy Tactic for Phishing, Bypassing 2FA
The phishing-as-a-service offering targets accounts from tech giants, and also has connections to PyPI phishing and the Twilio supply chain attack.
The email wasn’t suspicious all until I checked it the next day. It looked quite real, and it had well-researched info that created real concern. That’s what smart phishing hackers do.
Zerksies
Well-known member
I deal with this all the time. They probably spoofed the email. ALWAYS check who the email is from. It might say YOUTUBE, but as you said it had a .ru address.
Obviously. And per my video, the spoof was well researched and executed well.
I do, but I didn’t. I will.
The .ru address was an example I made up. In the video, I showed the address they used.
Takes 3 hours to watch 60 Minutes...lol
All good advice that I incorporated into the computer security training course that I created while working at the pharma company years ago. All employees, including the CEO, were required to go through the training and all new hires were required to take the course before they logged on to corporate computers for the first time. After implementing this, we went from having to remove malware on a weekly basis to zero malware infections. Unexpected emails were singled out for deep scrutiny, as were any unexpected browser pages asking for logon credentials.
The slogan associated with the training was "Don't be quick to click" and I encouraged employees to forward suspicious emails to me (they would even dig them out of their junk folder) along with stating the reasons why they thought the email was bogus (this was after Microsoft fixed the Outlook issues with bad stuff being launched just by viewing emails in the preview pane).
The ironic thing at the time was that the consensus in the cybersec community was that training end users to avoid infection was a fool's errand because they were just too dumb when it came to using computers. Eventually they came around when it was actually tried and found to be one of the most valuable defenses available to IT.
A key element of the training was that it was positioned as showing the employees how this training could keep them from getting hacked in their personal life. Dr. Dave was fortunate that it wasn't worse; folks' private lives have been devastated by financial and reputational ruin associated with hijacked accounts and identity theft that could have been avoided by knowing what to look for and getting in a hurry.
Over the span of my career I have watched malicious actors go from hacking for bragging rights or monkey wrenching, to today, where we have organized criminal gangs that actually have board of directors, business plans and generous budgets, along with state sponsored groups that have even more resources. This really took off back in 2003 - in the aftermath of the collapse of the Soviet Union there was a large number of furloughed programmers that had lost their jobs and were recruited by criminal organizations who understood the advantages of stealing money while sitting behind a computer instead as opposed to the risks of getting shot at while running guns and drugs.
The slogan associated with the training was "Don't be quick to click" and I encouraged employees to forward suspicious emails to me (they would even dig them out of their junk folder) along with stating the reasons why they thought the email was bogus (this was after Microsoft fixed the Outlook issues with bad stuff being launched just by viewing emails in the preview pane).
The ironic thing at the time was that the consensus in the cybersec community was that training end users to avoid infection was a fool's errand because they were just too dumb when it came to using computers. Eventually they came around when it was actually tried and found to be one of the most valuable defenses available to IT.
A key element of the training was that it was positioned as showing the employees how this training could keep them from getting hacked in their personal life. Dr. Dave was fortunate that it wasn't worse; folks' private lives have been devastated by financial and reputational ruin associated with hijacked accounts and identity theft that could have been avoided by knowing what to look for and getting in a hurry.
Over the span of my career I have watched malicious actors go from hacking for bragging rights or monkey wrenching, to today, where we have organized criminal gangs that actually have board of directors, business plans and generous budgets, along with state sponsored groups that have even more resources. This really took off back in 2003 - in the aftermath of the collapse of the Soviet Union there was a large number of furloughed programmers that had lost their jobs and were recruited by criminal organizations who understood the advantages of stealing money while sitting behind a computer instead as opposed to the risks of getting shot at while running guns and drugs.
Excellent post.
Zerksies
Well-known member
I love the idea, but in my practically it does not work. I have plenty of users that don't know how to copy and paste things. Some don't even know how to turn on a computer. And you expect these people to understand an email header. And you would think the Kids know more, But they don't.
You're dealing with Pharma, most of these people have educations. My crew barely passed high school.
I don't know how many times I've had to shut down a branch because some jelly head clicks a bad link in an email and infects their computer. Before it starts spreading else ware.
I'd love it if they hired smarter employees, but you don't need much smarts to sell building supplies. People come to you with lists of material and they get it for you. And smarter people would require them to probably pay more too and we all know they want to pay the minimum.
You'd be surprised what dumb people can learn. Our company went through a painful transition - any time someone clicked on an exploit link or fell for one of our mock phishing campaigns they were re-enrolled in mandatory security training. Even the sales guys figured it out after a few failures. Now we maybe see one or two incidents per year.
Zerksies
Well-known member
I'd love to implement to something like this. The bosses are cheap and the turnover in this place I might get a year or two out of a sales person. Not economical for me.
SlateMan
Registered
We have this policy as well. We had a phishing scam asking us to send our boss our phone number. I realized it was a phishing scam and sent them the local FBI phone number. Got a response that it was a landline so I sent them a fake phone number with an area code that started with 911.
Unfortunately, our IT folks still made me go through the training.....
Zerksies
Well-known member
At one point i did try and be good Samaritan. I probably saved about 20 peoples data from a chase breach. They tried buy things from my company. I got enough info from them to actually find the people and call the people and inform them that someone had their data.We have this policy as well. We had a phishing scam asking us to send our boss our phone number. I realized it was a phishing scam and sent them the local FBI phone number. Got a response that it was a landline so I sent them a fake phone number with an area code that started with 911.
Coos Cues
Coos Cues
So does my wife and I'm constantly having to help her with her computer issues. That is one degree that goes stale and obsolete faster than you can use it. My you tube will never be hacked because I left there for the free speech of Rumble long ago.
We had a lot of folks with degrees; mostly chemists and engineers but due to our location also had process techs that were hired off the street as long as they could pass the pre-hire drug test. But because the training also emphasized that I might have to shut down all the servers and deprive everyone of what they needed to get work done they were pretty cooperative and no one wanted to be known as the guy or gal that caused that to happen. I did have to report a few of them to HR due to documented violations of the acceptable use policy so they knew they were being monitored. One dim bulb who had just gotten married caused the firewall to light up with web access violations of the sexual kind, which turned out to be caused by him checking his Yahoo email at work, which had notification emails from the now defunct Ashley Madison web site.
For those not in the know, that was a paid website that specialized in offering married men the opportunity to cheat on their spouses. The incident that led to their demise was that some civic minded hackers broke in and published the names etc. of all their customers on line. I don't know if he was one of the many that ended up getting divorced over that. The ultimate irony was that it also became known that almost all of the women that were chatting them up on that website were actually men.
For those not in the know, that was a paid website that specialized in offering married men the opportunity to cheat on their spouses. The incident that led to their demise was that some civic minded hackers broke in and published the names etc. of all their customers on line. I don't know if he was one of the many that ended up getting divorced over that. The ultimate irony was that it also became known that almost all of the women that were chatting them up on that website were actually men.