Scam Of The Week: The Evil Airline Phishing Attack

scottalanmiller

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

Look at curtis. He has alot of "cred" when you look at his SW points, But everything he posts is garbage.

SW has no cred system.

I was referring to pepper points.

Me too. There is no credibility tied to that system. It is a measurement of activity and nothing else. Never supposed to show anything but that. Was never supposed to encourage anything other than participation. The idea that it was connected to credibility was just made up by some community members who spread it as a rumous.

IRJ

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

Look at curtis. He has alot of "cred" when you look at his SW points, But everything he posts is garbage.

SW has no cred system. It only has an "activity" system. But I'm unclear what that means in this context. We are talking about the same person posting on one blog or another. Curtis posting on a corporate blog should be considered a joke, being on a corporate blog should not give him any credibility.

Any legitimate blog would filter his post, before posting it. In a forum all posts can be found and/or linked.

So a corporate blog on the Internet is like a verified corporate blogger on the Internet

1. Look at Knowbe4's website, it obviously wasn't thrown together in a week. They are an actual legitmate company that makes a profit. They aren't going to have someone like curtis post shit content and ruin their name.

or

2. Anybody can log into a forum and make an account.

scottalanmiller

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

IRJ

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Sure, cloning a website is pretty easy. Buying a similar domain to spoof it just to post a blog post is a long shot at best. Not to mention If you went through all this effort, then you are probably pretty knowledgeable on the subject of security.

thanksajdotcom

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

thanksajdotcom

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

scottalanmiller

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Sure, cloning a website is pretty easy. Buying a similar domain to spoof it just to post a blog post is a long shot at best. Not to mention If you went through all this effort, then you are probably pretty knowledgeable on the subject of security.

Not really. No security knowledge needed to do that. Very, very entry level non-security stuff. If "corporate look" is the criteria making a site look reliable, it makes the process that much easier and more reliable to try doing.

scottalanmiller

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

thanksajdotcom

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

thanksajdotcom

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

And we don't want to cause issues for our loyal people, like @IRJ

scottalanmiller

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

scottalanmiller

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

And we don't want to cause issues for our loyal people, like @IRJ

Should not cause an issue. Making an important security point. Which is the point of the entire post and the reason for wanting a blog (and why it is important to understand that blogs and communities are actually the same thing.)

thanksajdotcom

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

thanksajdotcom

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

Granted, that's an assumption on my part, but I'd be willing to bet it's a safe one.

scottalanmiller

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

thanksajdotcom

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

scottalanmiller

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

thanksajdotcom

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

Yeah but let's not make him dig and then have resentful feelings towards ML. Better to show times it solved problems, not just was a news repository. Has the appearance of more tangible benefits.

scottalanmiller

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

Yeah but let's not make him dig and then have resentful feelings towards ML. Better to show times it solved problems, not just was a news repository. Has the appearance of more tangible benefits.

That won't apply in this instance. Why would the CEO or other non-security manager care about the technical merits of non-verified community discussion? We are talking about a specific security related verification of an author. You are getting distracted by ancillary issues.

thanksajdotcom

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

Not ML as a source, the CEO of KnowBe4 as a source. ML is just a forum. Just like any blog, you need to verify the authors.

Yeah but let's not make him dig and then have resentful feelings towards ML. Better to show times it solved problems, not just was a news repository. Has the appearance of more tangible benefits.

That won't apply in this instance. Why would the CEO or other non-security manager care about the technical merits of non-verified community discussion? We are talking about a specific security related verification of an author. You are getting distracted by ancillary issues.

It's psychology and having a negative association of being sent a link about a security threat that then he/she has to go through the forum to find the link. It's not really the fault of the forum but just impatience by the user. Still, it can create a negative association. It'd be better to send the link direct and maybe send the link to ML as a side note of "btw, I saw it here first". The original link to KnowBe4 is going to be already respected and the site gets seen as providing accurate, up-to-date information. Win win.