Social Engineering is the most important strategy for infection with malware today. Moreover, massive use of mails can reach a lot of victims at a time, since you don’t need talented hackers for that and they just address tons of users at once. In this scenario, traditional training methods with teachers and posters are not very effective, and, even, three months after training, there is no more difference in the user’s reaction to phishing mails.
These are some of the main topics highlighted in the article Spearphishing: Jeder Fünfte geht in die Falle (One every five users falls in the trap), published on heise Security on November, 22nd 2014, which reports the talk held by Enrico Frumento and Roberto Puricelli of CEFRIEL at DeepSec 2014, the prestigious international Conference on information security.
An innovative and comprehensive framework for Social Driven Vulnerability Assessment, the detailed CEFRIEL presentation at DeepSec 2014.