Phishing with actual bait

If you received an email like the one below, would you try out the voucher code and see if it works? I sure as heck would, there is literally zero risk from doing so. Assuming the voucher code works and your account is credited with $5 immediately, how far would you be willing to go to get an additional $10? I believe many people would not even think twice about clicking on a link, disabling AV, enabling macros, double clicking on exe files, or even lying to IT support...

image

In the grand scheme of things, a determined adversary would have no qualms spending a few hundred to gain a foothold in your organization. Checking which voucher codes are used can also help the attacker determine how many targets have opened the email but chose not to proceed with the document. Preventing attackers from gaining entry works only to a certain extent, early detection of compromise is equally important.



Tags: Security

Similar Articles

Rules of Engagement in Cyberspace - Rules of engagement is a concept familiar to most military personnels worldwide. The basic premise of having rules of engagement is to ensure an appropriate level of response or reaction to a ...
Biometrics and Passwords - Many people have the misconception that biometrics such as fingerprint readers are more secure than passwords. It probably stems from Hollywood spy movies showing Top Secret facilities protected ...
The Golden Key - TSA Locks and Encryption - Earlier this year, TSA master keys were leaked and ordinary folks were supposedly able to 3D print these keys and open any luggage with a TSA lock. Despite the huge uproar, I personally feel that ...
Negative space - Sometimes, the lack of information is valuable information. The Washington Post reports that according to unnamed current and former US officials, the CIA pulled "a number of officers" from the ...