Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited by Mark Maunder.
From the post:
As you know, at Wordfence we occasionally send out alerts about security issues outside of the WordPress universe that are urgent and have a wide impact on our customers and readers. Unfortunately this is one of those alerts. There is a highly effective phishing technique stealing login credentials that is having a wide impact, even on experienced technical users.
I have written this post to be as easy to read and understand as possible. I deliberately left out technical details and focused on what you need to know to protect yourself against this phishing attack and other attacks like it in the hope of getting the word out, particularly among less technical users. Please share this once you have read it to help create awareness and protect the community.
…
Mark’s omission of the “technical details” makes this more of an advertisement for phishing with Gmail than a how-to guide.
Still, the observation that even “experienced technical users” are trapped by this technique should encourage journalists in particular to consider adding phishing, voluntary or otherwise to their data gathering toolkit.
As I pointed out yesterday, Phishing As A Public Service – Leak Access, Not Data, enabling leakers to choose to receive phishing emails can result in greater access to documents by reporters at less risk to leakers.
With the daily hype about data breaches, who can blame some mid-level management type for their computer being breached? Oh, it could result in loss of employment, maybe, but greatly reduces the odds of being fingered as a leaker.
Unlike plain brown paper wrappers with Glenn Greenwald‘s address on them. 😉
If phishing sounds a bit exotic, consider listing software/versions with known vulnerabilities that users can install and then visit a website for an innocent registration that captures their details.
Journalism as active information gathering as opposed to consuming leaks and government hand-outs.