VIDEO UPDATE: Wire Fraud Phisher attempts to phish PhishMe, instead gets phished by PhishMe

(VIDEO UPDATE LINK: Defending Against Phishing Attacks: Case Studies and Human Defenses by Jim Hansen
• A human centric method of defense
• Attack case studies & attacker technique analysis
• Proactive simulation methods: educating workforces & detecting / thwarting attacks) 

(^ say that title ten times fast)

Every year PhishMe Simulator sends millions of phishing emails to its 500+ enterprise customers’ employees worldwide. PhishMe is hands down the most robust and sophisticated phishing platform in existence. To say that we are a little obsessive about Phishing is a bit of an understatement. In fact, we are sitting on innovations in phishing that the bad guys have yet to figure out.

The difference between PhishMe emails and the bad guys' is that ours are carefully crafted to deliver a memorable experience. Our experiences are masterfully designed to change human behavior to avoid phishing. So what happens when one of our own employees is on the receiving end of a wire fraud phish? Read on…

The Double Barrel Throwdown 2013

One of the great things about the IT Security industry is the intelligent, creative, and interesting people who work in this field. PhishMe challenges you to show just how witty you really are by submitting your best idea for a Double Barrel phishing scenario. Read below for contest details:

PhishMe’s 2013 RSA Conference Preview

PhishMe (along with our giant bowl of Swedish Fish) will be attending the RSA conference this month for the second time, and we’re pretty excited to be returning to the City by the Bay. We’ve grown a lot since last year’s conference, and this year provides us with a chance to show off how PhishMe has evolved – both as a product and company.

Who better to help us preview our first big event of the year than our founders, CEO Rohyt Belani and CTO Aaron Higbee? I conducted short interviews with each outlining what they are looking forward to, not only about returning to the conference but also about visiting San Fran itself.

RSA Conference: Circus of Vendors

In past years I never attended the RSA conference; it always came across as too much of a vendor show to me. This year I didn’t think I would go, until rsnake convinced me otherwise. So I bought myself an Expo Only pass. I had a lot of fun, meeting old time buddies from Foundstone and Mandiant, a bunch of clients, and partners. But I had the most fun just watching the show on the Expo floor. Must have been 300 booths and a gazillion sales people swarming them with those annoying mics trying to outspeak each other like barkers outside a souvenir store at a tourist destination. Companies doing raffles at their booths – I’ve seen that, but arcade car racing games like those at Dave & Busters, security “Jeopardy” shows every hour being hosted by “slick” sales people, cheesy whack-a-fraudster, wannabe Houdinis showing off card tricks and free beer made the cut too. I wondered, do clients actually walk the floor to learn about new products? I think not. They do so for the free entertainment, adulation, and giveaways.  Makes one wonder, are the RSA booths worth their price tag? The smallest, and furthest ones, which you would see if you were really looking for, are worth an arm and leg. VC money well spent? Oh what a circus it was!

– Rohyt

If I was a hacker…err cracker…

  1. I would be very busy the week of Christmas, while IT security staff is probably operating at 20% normal strength. Not only is it the weakness in numbers, but also the holiday mood. How many of you are actually working full days? IDS logs – that's probably the last thing on your mind now that you have Guitar Hero III in the breakroom.
  2. I would get busy if I heard that a company was being acquired. From my experience, most companies put a freeze on all discretionary spending from the time a deal is announced until it closes. Unfortunately, security is often thrown into that discretionary spending budget, making it easy on the bad guys for several months!
  3. If I really wanted to spend Christmas with my family, I would just come back another time and phish employees…that works irrespective of season.

Wishing you all a very Happy New Year! Stay safe.