Social Engineering Gets Smarter
Here’s a new phish: An attacker recently created a fake phishing message and, posing as a bank customer, forwarded it to the bank’s security officer. When the security manager clicked the link to find the alleged phishing site, the message secretly launched malware that hijacked his workstation for a month.
This reiterates the point that you can have all kinds of logical controls, but sometimes it is the simple things, such as security awareness training and education of employees, that matter.