Fake femme fatale dupes IT guys at US government agency by Lisa Vaas.
From the post:
It was the birthday of the head of information security at a US government agency that isn’t normally stupid about cyber security.
He didn’t have any accounts on social media websites, but two of his employees were talking about his special day on Facebook.
A penetration testing team sent the infosec head an email with a birthday card, spoofing it to look like the card came from one of his employees.
The recipient opened it and clicked on the link inside.
After the head of information security opened what was, of course, a malicious birthday card link, his computer was compromised.
That gave his attackers the front-door keys, according to Aamir Lakhani, who works for World Wide Technology, the company that performed the penetration test:
…
It gets better, way better.
After you read the rest of Lisa’s post, ask yourself:
Would you take their word for anything?
I first saw this in Nat Torkington’s Four short links: 4 November 2013.