Saturday, March 28, 2015
Don't click on this link: How to avoid the cloud credential scammers
When we think of cloud security, more often than not it is in terms of protecting our data in transit and at rest. However, sometimes it helps to broaden our view of the cloud security threatscape because when we do then all sorts of risks sitting on the periphery come into view. Risks such as those posed by cloud credential phishers. Cloud what now? Well, everyone should be well aware of those cyber criminals who seek to con victims into visiting a 'clone bank site' in order to grab the login credentials of the user and then wipe their accounts of cash. Equally, most folk know about email document attachments, which actually execute a malware installation, often with a similar credential-scraping payload. However, as more and more of us gain this awareness of the techniques used so the less effective they become. This effectiveness is further hampered by improvements in online banking security including the use of two-factor authentication for example. So the bad guys are looking for new routes to the same old credentials and new ways to get that malware installed. Which is where the cloud comes in.