Salted Hash — IT security news

About this Blog:

IT security news analysis, over easy!


I fell for the oldest social engineering trick in the book


I've written countless stories about social engineering, with security experts far and wide telling our readers never to open a link from someone we don't know. We've also published advice about making sure a message from a friend is for real before opening. That didn't stop me from falling for one of the oldest tricks in the book.

It came in as a direct message on Twitter Friday, from Network World writer Brandon Butler, who sits in the next cube over from me at the office. He's a nice, mild-mannered chap, so when I got a tweet in his name, I opened the link without thought. Well, that's actually not true. I did have thoughts, based on his tweet:

"Hello somebody is saying very bad rumors about you... (URL removed)"

I've been in this profession for a long time, and have found myself on the receiving end of blistering criticism plenty of times. It's a simple byproduct of the job. And yet I had to know who was spreading bad rumors about me. And I had to know right that second!

I clicked the link and got a slow-loading site that ended in a request for my Twitter username and password. Another huge red flag. But someone was out there spreading rumors about me, you see, and I had to know what it was. So I plugged in my credentials.

As the screen of my Android froze up, I got the sinking feeling that I had just committed an act of supreme dumbness. By then, it was too late.

Soon after that, a friend on Twitter sent me this message:

"Guessing you didn't mean to post that..."

It turns out the bad guys started using my Twitter account to send out a variety of spam messages to friends, including the one I fell for.

I changed all my passwords for everything, and the Twitter madness ceased.

This morning, Brandon came in and apologized profusely. It turns out he fell for the same trick as me, and the tweet I got from him was the result.

I laughed pretty hard over that. Sometimes, when you do something stupid, all you can do is laugh, fix what you've done and move on.

But Brandon hasn't been writing about security for the past eight years like me. I should know better by now.

Go ahead and have a good laugh at my expense. I deserve it.

 

 

