Scamicry: Are you deliberately putting your customers at risk?
You're on holiday, far from home when a company you've a genuine and positive business relationship with sends an URGENT message.
Choose wrong and you'll become a victim like Charlotte Cowles or Cory Doctorow as recently mentioned on Bruce Schneier's Cryrptogram.
Now surely, you'd expect your bank, hospital, or travel company to do everything in their power to make that choice easy? Surely you'd expect them to help you avoid being the victim of a phishing scam?
And if you are part of a company, and you're involved in any way with security policy, please read on and carefully consider the ways you may be putting your customers at risk and helping cybercriminals.
As Troy Hunt writes this week in Thanks FedEx, This is Why we Keep Getting Phished maybe the company you are dealing with is grossly incompetent at security?
Adam Shostak has a name for this. He calls it "scamicry": legit communications that mimic scams. Like if a company calls you and asks for your security details, but offers you no way to verify who they are first. Here, you can read Adam's notes from BlackHat 2018.
