Over a month ago, I received a creative phishing attempt. We use a relatively popular service which is mimicked fairly well. I typically receive notification emails from it by an administrative assistant. This came from another name. That was my only real clue that made me look closer. Since, I have received almost a dozen,…
Ran across a site where if one changes the email address associated with the account, it sends the confirmation email to the new address. Say, I am a Blackhat and used a phishing attack to get the password for the account. Having legitimately logged in, I then change the email address associated with it from victim@outlook.com…
Received an email that looked phishy: Greetings, Please read this important e-mail carefully. Recently you registered, transferred or modified the contact information for the following domain name: ezrasf.com In order to ensure your domain name remain active, you must now click the following link and follow the instructions provided. http://verify.domain.com/registrant/?verification_id=999999&key=BFrrpxGDbb&rid=999999 Sincerely, Domain Registrar The web…
Eddie Carter and Orrin Char, Oracle Identity management and security and access management. Eddie wore a UGA shirt. Guy in front of me made fun of him obviously not wanting to sell to Georgia Tech. Turns out he’s from  Kennesaw. The GT-UGA rivalry knows no bounds. Love it! Handout: Database firewall more auditing and ACLs…
Part of the problem of getting people not to succumb to phishing attempts is the poor practices used in legitimate emails. Google sent me an email saying something was going to expire in a month because of inactivity. I needed to click on a link and verify my information. You know, exactly the same kind…