The quality of technology reporting often reflects the worst element of the complicated world of digtial, where statements, articles and opinions have no substance but are stating the obvious, reporting nothing new, regurgetating other work or in the worst case using technical terms to imply intelligence.
This article by an anonymous beeb reporter is a prime example, alledgedly reporting some note worthy statistics that lead to the ground breaking revelation that email is the primary mechnism for phishing. Hold the front page…
“little evidence novel technologies involving net-connected gadgets or smartphones”
Now the article tries to warrant the use of words and pixels by referencing a study produced by a Marc Spitler, Senior Manager at Verizon Security Research at Verizon Enterprise Solutions, to be honest I haven’t read the report and I assume (hope) that it has far more in it than this little nugget of ‘insight’. The article refers to the reports comparions of phishing mechanisms and platforms used. The article reports the research found “little evidence novel technologies involving net-connected gadgets or smartphones”, remember this is phishing attempts, why would anyone attempt a phishing attack over IoT… hey Nest device use this link to login to your bank account… oh right! Now the use of smartphones, pretty broad term, do they mean email on smartphones.. but this would surely be included in the email stats… you’d think.
Anyway something that is clearly missing in this revelation is an understanding of the humans involved with phishing, not the technology involved. They’re criminals, they’re not experimental geeks testing new platforms, they’re out to make money, in the easiest way possible. The whole choice to be a criminal is easy money. Why try phishing through a technolgiy constantly in flux requiring you to keep updating and investing in the process, why use a technology that cannot facilitate a phishing attempt (IoT), just use the same platfrom you’ve been using for years and the one that constantly turns up results with every send as it relies on the stupidity of the recipient.
I won’t go into the report changing subject and trying to report about network comprimise through phishing, as this isn’t technically phishing and probably the real reason for Marc’s report, but cleary the article author didn’t understand this.