Skip to main content

when-phishing-and-stolen-customer-database

Check out this phish email from Virus List

We fully appreciated not only the expert social engineering and well-written text, but also the fact that the phisher included not only the email of the intended victim, but also the postal address.

While the analyst points out that users should never click on an email from a bank, I think it also points out the need for mutual authentication.

Further, I think that the way WiKID handles mutual authentication is much better than other solutions - beyond just the fact that WiKID uses a cryptographically secure approach. When a users get a WiKID one-time passcode, their default browser is automatically launched to the correct website and the SSL certificate is validated for them. This approach is far more reliable from a user-experience than relying on the user to recognize a change in the website or chrome. (IMHO).

Currently unrated

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom