@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

Youtube Video

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

A completely legit truth about me...

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@thanksajdotcom said in Scam Of The Week: The Evil Airline Phishing Attack:

@scottalanmiller said in Scam Of The Week: The Evil Airline Phishing Attack:

@IRJ said in Scam Of The Week: The Evil Airline Phishing Attack:

2. Anybody can log into a forum and make an account.

But not as a certified vendor, which we've established was the point. KnowBe4's site could easily be copied, completely, and set up at a different domain with alternative content here and there. The "look and feel" of a site is not a good security protocol to use. If you know a site / forum and frequent it that is one thing. But if you need someone to bring you information about something, that's not a reliable way to tell. If the fear is that the blog has misleading information meant to mislead you, then taking the small time to copy a site from somewhere else is no big deal.

Yes, but you're assuming management will not just assume it's BS, and management is often stupid and goes against its own interests. I get what @IRJ is saying.

Also, they are a certified vendor. But that's assuming management will:

1. Check
2. Has at least some information and context as to how the site works, is laid out, etc
3. Trusts the judgment of ML to "certify" a vendor

No, my point was that the same verification would be needed in both cases. So if the same diligence isn't done in both cases, then my point about security should be correct.

And that's true, the same verification would be needed. But one is already established in the field as such, whereas following a process that was probably already done at a previous time for this site would be extraneous work for a manager just to drive clicks. In this case, it makes more sense, from a business standpoint, to just use the original blog post link.

You missed my point. What makes it easier?

Because I'd be willing to bet Joel's boss already knows about KnowBe4.com and has used it as a resource before. So having him take an extra step to verify ML to just get a link to KnowBe4 makes more work for him. And people who send links so you can go to some page to get to the actual link are annoying. And with security threats, speed is imperative, which means it's faster to just send the original link, and they can verify ML at another time.

That's a valid point, but if they know KnowBe4 already, they'd likely already know it

Maybe, or maybe they hadn't seen it yet. But using an established source to save time during what is already regarded as a very serious, and successful, phishing attack, is a much more pragmatic decision than expecting the boss the find the link in the comments or certify ML as a source.

@BMarie said:

Just waking up from a 30 min nap at work, opps. So not like me.

So jealous!

@Dashrender said in Dual-WAN Router Recommendations:

@thanksajdotcom said in Dual-WAN Router Recommendations:

@scottalanmiller said in Dual-WAN Router Recommendations:

The point was, misusing revert is wrong, using the needful is just regional. Unrelated items. And I've found the UK to use revert and defend it more than any other region.

Yeah but the Brits are weird. Lol

I know - they like to get pissed and suck on fags...

Accurate lol
Trying to quit my habit of taking drags on fags. Hard habit to break...

This is so me...

One reason I avoid CNet/Download.com. I use Ninite for everything like that nowadays.

@Rob-Dunn said:

@thanksajdotcom said:

One reason I avoid CNet/Download.com. I use Ninite for everything like that nowadays.

Yes, I do like Ninite for this, but on my work PC, that's a no-no.

Then Chocolately it is.

@dafyre said:

Yeah... be careful out there! <insert don't drink and drive rant here>.

Like ThanksAJ, I'd fail a field sobriety test because of my hearing, lol. I can walk a straight line and even stand on one foot.... But the moment they tell me to close my eyes, it's game over.

I'm always careful and I know my limits. My common practice is drink as soon as I get to the <insert restaurant/bar name here> and I usually hang at most places a minimum of three hours. So I try to make sure I don't have any more than two or three drinks still in my system by the time I'm leaving, which I can handle well, and I'm a bigger guy, so I have a much higher tolerance than most people as it is just because of my sheer mass.

@thanksajdotcom said:

@dafyre said:

Yeah... be careful out there! <insert don't drink and drive rant here>.

Like ThanksAJ, I'd fail a field sobriety test because of my hearing, lol. I can walk a straight line and even stand on one foot.... But the moment they tell me to close my eyes, it's game over.

I'm always careful and I know my limits. My common practice is drink as soon as I get to the <insert restaurant/bar name here> and I usually hang at most places a minimum of three hours. So I try to make sure I don't have any more than two or three drinks still in my system by the time I'm leaving, which I can handle well, and I'm a bigger guy, so I have a much higher tolerance than most people as it is just because of my sheer mass.

@scottalanmiller and I are going to have some fun at the after-parties in Austin come September...

@hobbit666 said:

Watching Gotham

It ok so far, but prefer to watch the Batman films

I've seen a couple episodes but it's really good! Great way to do the backstory!

@scottalanmiller said:

This is just now.

Scott with his ass....

Or more appropriately, @scottalanmiller's ass...

One of my co-workers today: "I almost fell into the urinal because I was falling asleep while I was peeing". My reaction? I'm glad I'm not the only one that this has happened to!!

Thank you @shannon and everyone at Aetherstore, especially Rob!

@donaldlandru said:

Just posting to say "Hi!"

I realized I had been a member for 30 minutes and not posted, knowing myself if I didn't do it now I never would.

Thanks to @scottalanmiller for talking to me at Spiceworld 2015 and telling me about this site, I already see it will be a great asset for business and pleasure.

Cheers!
Donald

It was great meeting you Donald! Hope we can see you next year!