A recent phishing scam utilized a unique method of linking to a fraudulent Google Docs URL to steal user’s credentials, parse their contacts, and use those contacts as recipients to spread the scam. In addition to security-community alerts, the national news carried the story over two days. National news for an email phishing scam is a significant step in the right direction in helping to ensure our nation is aware of potentially damaging cyber-happenings. Of course, the phishing scam also involved one of the world’s largest companies, Google, which might further explain the coverage. Why the slight pessimism?
Today is also World Password Day, the fourth Wednesday in May. A day that can be used to help everyone “in the whole world” be more aware of the importance of protecting their user credentials and passwords; to encourage use of multi-factor authentication and describe the importance of keeping passwords unique and complex for each and every account and site in use; the value and effectiveness of password managers.
And, perhaps more importantly, help to encourage these discussions at home, with family, friends and the community.
Something as impactful as this phishing scam is important to inform the public about. But, come on media folks, let’s push it a little further.