Improving Your Phishing Game

Did you know that KnowBe4 publishes a quarterly phishing test analysis? It ranks the top lines that get links in phishing emails followed.

The entire KnowBe4 site is a reference source if you don’t want to fall for, or look like, a Nigerian spammer when it comes to phishing emails.

Their definition of phishing:

Phishing is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity using bulk email which tries to evade spam filters.

Emails claiming to be from popular social web sites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.

I think:

It’s a form of criminally fraudulent social engineering.

sounds a bit harsh and not nuanced at all.

For example, these aren’t criminally fraudulent cases of phishing:

  • CIA sends phishing emails to foreign diplomats
  • FBI sends phishing emails to anti-war and social reform groups
  • NSA sends phishing emails to government officials (ours, theirs, etc.)

Phishing is an amoral weapon, just like any other weapon.

If you use phishing to uncover child sex traffickers, is that a criminally fraudulent use of phishing? Not to me.

If you hear a different conclusion in a windy discussion of ethics, don’t bother to write. I’ll just treat it as spam.

Don’t let other people make broad ethical pronouncements on your behalf. They have an agenda and it’s not likely to be one in your interest.

Meanwhile, improve your phishing game!
