Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Golden Hour of Phishing Attacks

CmdrTaco posted more than 3 years ago | from the get-the-camera dept.

Crime 59

Orome1 writes "Trusteer conducted research into the attack potency and time-to-infection of email phishing attacks. One of their findings was that 50 per cent of phishing victims' credentials are harvested by cyber criminals within the first 60 minutes of phishing emails being received. Given that a typical phishing campaign takes at least one hour to be identified by IT security vendors, which doesn't include the time required to take down the phishing Web site, they've dubbed the first 60 minutes of a phishing site's existence is the critical 'golden hour.'"

cancel ×

59 comments

Sorry! There are no comments related to the filter you selected.

A solution presents itself (4, Funny)

Wonko the Sane (25252) | more than 3 years ago | (#34416574)

Delay all email deliveries for one hour. What could possibly go wrong?

Re:A solution presents itself (0)

LostCluster (625375) | more than 3 years ago | (#34416596)

Then the discovery of the scam would be delayed by the hour and the "golden hour" would just be delayed.

Re:A solution presents itself (3, Funny)

Chrisq (894406) | more than 3 years ago | (#34416648)

Delay all email deliveries for one hour. What could possibly go wrong?

Then the discovery of the scam would be delayed by the hour and the "golden hour" would just be delayed.

whoosh....

NEW DISCOVERY! (2)

gparent (1242548) | more than 3 years ago | (#34418210)

NEW DISCOVERY! It can take up to several hours to understand a joke on slashdot! A solution presents itself, th-....

Re:A solution presents itself (1)

PPH (736903) | more than 3 years ago | (#34427366)

If one of those whooshes by fast enough, do we get a sonic boom?

Re:A solution presents itself (1)

drinkypoo (153816) | more than 3 years ago | (#34416646)

Actually that's not all bad as an idea. Gmail already makes mail available to you when and how it feels like it. Mail which looks like it might be phishing email could be delivered to active users proven to be discriminating first, giving a chance to subject them to a human test for scams before delivering the mail to the greater audience. I'm pretty well convinced that google already does this with spam but they don't have a "report scam" button (unfortunately.)

Re:A solution presents itself (5, Insightful)

Anonymous Coward | more than 3 years ago | (#34416836)

Mail which looks like it might be phishing email could be delivered to active users proven to be discriminating first,

Congratulations! Gmail has determined that you are smart and competent. Your reward is more spam.

Re:A solution presents itself (1)

flappinbooger (574405) | more than 3 years ago | (#34418162)

Delivered-To: xxxxxxxx@gmail.com Authentication-Results: mx.google.com; spf=pass (google.com: domain of 1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa@email.walgreens.com designates 216.33.63.66 as permitted sender) smtp.mail=1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa@email.walgreens.com Reply-To: "support" Bounces_to: Walgreens.1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa@email.walgreens.com X-SS: 1-1-10920280-574949095 X-BFI: 1f01dd8d3layfovciatke43yaaaaabn3glabcerig44yaaaaa Date: Thu, 02 Dec 2010 08:07:40 EST From: Adobe Subject: Action Required : Upgrade New Adobe Acrobat Reader 2011 For Windows And Mac To: xxxxxxx@gmail.com
ADOBE PDF READER SOFTWARE UPGRADE NOTIFICATION This is to remind that a new version of Adobe Acrobat Reader with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released. To upgrade your application: + Go to http://www.adobe-2011-downloads.net/ [adobe-2011-downloads.net] + Get your options, download and upgrade. Thanks and best regards, John Watt Adobe Acrobat Reader Support Copy rights Adobe 2010 © All rights reserved []

A customer of mine got this email. He forwarded it to me, not because he thought it might be a scam, but because he remembered I had put on foxit reader instead.

I explained a little bit about how it wasn't from adobe and wasn't going to an adobe site.

A quick google: http://www.google.com/search?q=John+Watt+Adobe+Acrobat+Reader+Support&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a [google.com]

Re:A solution presents itself (0)

idontgno (624372) | more than 3 years ago | (#34418934)

Did you just post a malware distribution URL? As a live href?

I hope that was munged, edited, or otherwise neutralized. Otherwise, that was reckless.

Also, as evidenced by your partially-anonymized email header, the spam zombie server seems to be associated with Walgreens. Nice piece of malware intel, there.

Re:A solution presents itself (1)

flappinbooger (574405) | more than 3 years ago | (#34419268)

Did you just post a malware distribution URL? As a live href?

I hope that was munged, edited, or otherwise neutralized. Otherwise, that was reckless.

Also, as evidenced by your partially-anonymized email header, the spam zombie server seems to be associated with Walgreens. Nice piece of malware intel, there.

Nope, I was reckless and all I blanked out was my guys email address. HOWEVER I'm not totally insane, the urls didn't work for me when I checked - My thought is they had already been dealt with.

Re:A solution presents itself (2, Informative)

Anonymous Coward | more than 3 years ago | (#34416850)

I'm pretty well convinced that google already does this with spam but they don't have a "report scam" button (unfortunately.)

Gmail does, in fact, have a "report scam" button. Click the menu button to the right of "Reply" in any message to "Report phishing." Done.

Re:A solution presents itself (1)

hedwards (940851) | more than 3 years ago | (#34417440)

Really? Gmail users get spam? That's news to me, unless you're talking about that bit of junk mail that ends up in my inbox every several months.

Re:A solution presents itself (5, Insightful)

alexmipego (903944) | more than 3 years ago | (#34416866)

They do have a "Report Phishing" option though. Sad thing is that most people don't know what phishing is or even realize they've been victims of it until it's too late, at which point they rarely go back to gmail to report the phishing attempt.

Re:A solution presents itself (1)

natehoy (1608657) | more than 3 years ago | (#34417596)

Well, it's really no surprise.

We used to call it "telephone fraud" or "scamming" back when it was done over the phone and "mail fraud" when it was done via the dead tree snail-mail system. And unwanted postal advertisement was called "junk mail".

Then when it came to online we decided on the terms "phishing" for fraud and "spam" for unwanted email. Oh, but then it got worse.

Then there's "whaling" (email scams targeting people higher up in the organization), and "spear phishing" (collecting data about the person you want to phish and crafting a personal attack), "smishing" (scams over cell text messages), "pharming" (DNS redirect), etc. All to describe an attempt at fraud to different targets or using different techniques.

Then, to add insult to stupidity, someone asked "hey! what if someone tries phishing you over the phone? What should we call that?" and came up with "vishing", completely ignoring the fact that there's been a perfectly good term in use for many generations now to describe telephone fraud. "telephone fraud".

I'm waiting for someone to come up with a new term for postal fraud. "snailshing?"

No wonder the terminology is confusing. It's asinine. Something describing fraud should be called "fraud" with the proper adjective in front of it. "mail fraud", "email fraud", "phone fraud", "SMS fraud". Hey, even a complete Internet newbie can understand that without a specialized dictionary to understand the terminology. They're not inviting me to a "Phish" concert, I'm not being invited to catch some stripers with someone who can't spell, they're trying to commit fraud!

"REPORT JUNK MAIL OR FRAUD" not to do?

Re:A solution presents itself (1)

natehoy (1608657) | more than 3 years ago | (#34417694)

Damnit, "review" fail.

Last bit should be:

"REPORT JUNK MAIL OR FRAUD" is clear, understandable, and obvious. Then when you hit a threshold for a specific message, throw it into the spam bin for everyone and force anyone who really wants to click the links on it to move it back to the Inbox first. Links in the spam bin should never, ever, ever be clickable.

Now, let's talk placement. "Report Phishing" is where, you say? Oh, under the REPLY button? That I have to open the email to get to. Oh, OK. Wait.. what? Isn't the very first lesson we all try to teach our newbies "junk and fraud emails are evil - never open them if you can tell what they are by looking at the subject line. Delete them." And yet, when Google wants fraud reported, they make you open the message. (tap tap tap) hello? Is this thing on?

Re:A solution presents itself (1)

KiloByte (825081) | more than 3 years ago | (#34418948)

"pharming" (DNS redirect)

The name comes from "Phorm" [wikipedia.org] , right?

Re:A solution presents itself (1)

natehoy (1608657) | more than 3 years ago | (#34419354)

No reference to it in the Wiki about Pharming.

Phorm did appear to use a form of pharming (more specifically DNS poisoning, in this case poisoned at the ISP level) to do its ugly magic. So maybe the marketing dweebs who made up the term "pharming" had some inspiration from Phorm's name in inventing their security tool marketing term.

Re:A solution presents itself (1)

tlhIngan (30335) | more than 3 years ago | (#34419112)

They do have a "Report Phishing" option though. Sad thing is that most people don't know what phishing is or even realize they've been victims of it until it's too late, at which point they rarely go back to gmail to report the phishing attempt.

Problem is, the button isn't available in list view. Most of the phish attempts I get are plainly obvious from the preview line, and the only way to report is to open it and click Report Phishing, an annoying extra step.

And that's an advantage to having multiple addresses - Paypal telling me I need to fix my account from my non-Paypal email is pretty obvious. As are ones for banks I don't use or never even heard of.

Still, having to click through is an extra annoyance, just like the loss of the "Unread" select (hidden underneath a menu now) which was a click away. It's a way for me to handle mailing lists - read the interesting posts, then click unread and delete to delete the rest. Would be nice if they had a Google Labs thing that added both back.

Re:A solution presents itself (1)

drinkypoo (153816) | more than 3 years ago | (#34419818)

There IS no button, it's a menu option! So you have to click through, find the pull-down, click it, and then click it again! This is retarded. I get WAY more phishing attempts than spam in my Inbox. It's gotten to where I just mark them as spam because I'm too lazy to drill down. Gmail interface fail.

Re:A solution presents itself (1)

beh (4759) | more than 3 years ago | (#34417446)

...and the next problem - with the potentially bad clicks not going to google - how is google going to find out how discerning you are? ...unless they rewrote all clicks to be proxied through a google web-service, in which case google would get massive data protection enforcement issues.

Re:A solution presents itself (1)

dkf (304284) | more than 3 years ago | (#34417356)

Delay all email deliveries for one hour. What could possibly go wrong?

Not much more than happens at moment. Our email systems typically delay incoming email from previously-unknown senders for up to an hour anyway; assuming that the message will go through straight away (let alone be read immediately) is definitely a losing proposition.

Re:A solution presents itself (1)

noidentity (188756) | more than 3 years ago | (#34417940)

Silly, that'll just delay the golden hour. What we need is for the email to be delivered, but for nobody to be able to respond within the first hour. Simple, really, when you think about it.

Ummm... (0)

Anonymous Coward | more than 3 years ago | (#34416608)

How is this YRO? Thanks CmdrTaco!

Re:Ummm... (1)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#34416858)

Peoples rights are being violated by criminals online. I think this qualifies as a YRO story.

Re:Ummm... (0)

Anonymous Coward | more than 3 years ago | (#34417202)

that's a bit of a stretch, don't you think?

Re:Ummm... (0)

Anonymous Coward | more than 3 years ago | (#34420322)

Nope. The guy's just in denial, e.g. the psychological condition. OMP has *convinced* himself that this has anything to do with YRO even though it logically does not. Why anyone would blind himself this much is beyond me...

I know... (1)

Anrego (830717) | more than 3 years ago | (#34416660)

This is up in lala land.. but you really can’t cure stupid.

What we need to do is make phishing attacks useless. Obviously a lot harder to do than say.

The best I could come up with is some kind of challenge response system, possibly with the aid of a key token, with the user’s IP address factored in. That is:

You are at the login screen.. and presented with a challenge. On the server the challenge is tied to the IP that requested the login screen. You punch the challenge into some device, it gives you a response. You then plug the response into the login dialog (possibly with some other traditional password). The server validates that the IP logging in matches the IP associated with the challenge, and if so (and if the response is correct of course), lets the user log in.

Obviously this is way too cumbersome to work.. and the users who fall for phishing attacks tend to be the same ones who have PINs of 1234 and resent having to enter _that_ in. But I think something like this where it is impossible to “tell” someone your credentials is the solution.

Nitpic: what's this got to do with my rights?

Re:I know... (0)

Anonymous Coward | more than 3 years ago | (#34416778)

Possibly a bad idea since in the UK at least, banks keep telling people that the card reader is NOT used to login.

No fiddling with the login process will solve phishing attacks - the phishing email/webpage will just inform people about the new security measures or whatever, and that you also need to scan in a picture of your passport and driving license and upload those too.

Trusteer are the makers of Rapport, which is supposed to keep your login details secure despite all the spyware and keyloggers and screenshooters your computer might be infested with at the time. Fixing stupidity with more stupidity.

Re:I know... (1)

DrSkwid (118965) | more than 3 years ago | (#34417674)

MITM

Scrub the sites... (4, Funny)

AdamThor (995520) | more than 3 years ago | (#34416782)

So what we need is a way to scrub those websites within the critical time period, yes? A cleaning program? A sort of "Golden Shower"?

Re:Scrub the sites... (2)

gmuslera (3436) | more than 3 years ago | (#34416824)

Sometimes is not phishing. If you i.e. block for an hour in the proxy the websites refered by incoming mails you will slow down those scams, but also the real sites (i.e. places where you register and have to confirm that your email)

Re:Scrub the sites... (0)

Anonymous Coward | more than 3 years ago | (#34416976)

A sort of "Golden Shower"?

Are you taking the phish?

Re:Scrub the sites... (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34417422)

Wow, what a piss poor idea. I mean it really stinks. There's so many leaks in your logic, it's amazing you managed to pee-ce it together at all.

Re:Scrub the sites... (1)

AdamThor (995520) | more than 3 years ago | (#34417604)

Hey, who pissed in your cheerios? You should know that back at the academy I was considered to be a real whiz! Urine the presence of a powerful intellect. It would be a shame to let an idea like this go down the drain.

Education is the best medicine (2)

digitaldc (879047) | more than 3 years ago | (#34416820)

Educating people about computer scams seems to be the best way to combat this problem. Otherwise, we can just provide an IQ test as part of the Windows boot process.

Re:Education is the best medicine (1)

joebagodonuts (561066) | more than 3 years ago | (#34417120)

...and booting windows means an automatic failure of the test. Brilliant!

Re:Education is the best medicine (1)

digitaldc (879047) | more than 3 years ago | (#34417626)

The process you speak of is called 'Dunce Redundancy'

Re:Education is the best medicine (2)

panda (10044) | more than 3 years ago | (#34417944)

Quoth Bruce Schneier:

There's nothing we can do to educate users, and anyone who has met an actual user knows that.....Rather than focus on what can we do to educate users, we need to focus on building security that doesn't require educated users.

Reference: http://www.schneier.com/news-055.html [schneier.com]

Re:Education is the best medicine (1)

John Hasler (414242) | more than 3 years ago | (#34419792)

And all users are identical of course, and all dunces.

The fact is that most users are educable to varying degrees. How about we educated the educable while trying to think of something else to do about the rest?

Re:Education is the best medicine (1)

Cowmonaut (989226) | more than 3 years ago | (#34425282)

Agreed. Users simply do not care. You can't teach what doesn't want to learn or understand the necessity of learning. It also goes a long way to show part of the problem with American public schools (i.e. a cultural thing).

IQ tests don't work. (1)

Benfea (1365845) | more than 3 years ago | (#34421818)

Smart people can fall for phishing attacks as well. The counter is knowledge, not intelligence. The more people know about how phishing scams work, the better prepared they are to identify phishing attacks.

Another solution (1)

VirtualJWN (1084071) | more than 3 years ago | (#34416890)

Since we are currently in an economic downturn, and many many tech folks are "on the beach" so to speak, i.e. not working, and perhaps collecting unemployment. why not let the "programmers" in the USA counter attack the overseas attacks on our internet. We invented the thing (Internet), we need VIGILANTE forces that can attack and destroy enemy targets on the web. WHY IS THIS ILLEGAL? This is a job Americans will do!!!!

Dumb idea (1)

Mathinker (909784) | more than 3 years ago | (#34418970)

Joe job [wikipedia.org]

In other news... (2)

Amorymeltzer (1213818) | more than 3 years ago | (#34416900)

The 15 minutes it takes the cops to respond to a robbery have been dubbed "The golden quarter-hour of robberies." I would expect the majority of successes to occur before security mechanisms have started, what with them being security mechanisms and all.

Re:In other news... (1)

gsslay (807818) | more than 3 years ago | (#34417838)

You have an interesting point there, you should apply for a grant to fund a study.

Hypothesis; Thefts are most successful before anyone notices they are happening. Afterwards... not so much.

Recommendations; Delay thefts until after they are noticed.

Simple (4, Funny)

PPH (736903) | more than 3 years ago | (#34416912)

I never answer e-mail within an hour of receipt. I'm too busy trying to make first post.

DDoS? (-1)

Anonymous Coward | more than 3 years ago | (#34417084)

Why don't the security firms and banks just DDoS the fishy sites for 1 hour with bogus credentials?

Re:DDoS? (1)

Opportunist (166417) | more than 3 years ago | (#34417360)

Erh... two reasons.

First, it's illegal. Duh.

Second... well, the enemy has the bigger guns.

retarded (-1)

Anonymous Coward | more than 3 years ago | (#34417110)

this is retarded. stop it.

The real message (1)

Opportunist (166417) | more than 3 years ago | (#34417392)

The most scamming is successful before the Antivirus screams bloody murder when you open the mail. No, really? Duh. That's not what surprised me.

But who would have guessed that so many people actually use antivirus tools that it matters this much how fast the AV vendors react to it?

Re:The real message (1)

natehoy (1608657) | more than 3 years ago | (#34417962)

I help about a dozen people with their computers as "side favors", and I know of only one person at the moment on Windows who is not using Antivirus of some form. Comcast includes it for free, so anyone on Comcast I just send them the link and tell them to install it, the same is also true of most ISPs now - almost all of them include something for Antivirus.

If I drop by to help with something and there's no antivirus installed, we have a serious chat and I usually insist on installing something (at least AVG-Free) before we proceed to working on the actual problem they want help with. It cuts down on repeat visits, and even though I work for beer and I like beer, I have money and can buy beer, and cash purchase is my preferred method for acquiring beer. Fixing other people's computer gaffes is barely worth the beer. I'd rather buy beer and bring it to their house and drink it with them while having a conversation.

My one antivirus-averse person, let's call him "Risky Rick", feels that he never visits any sites that could harm him (and he does appear pretty cautious), he was very open to installing Firefox with NoScript for web and Thunderbird for email, he is savvy enough not to be running as Admin (Windows XP), he keeps his system patched reasonably well, he's got a decent consumer router with SPI, and he uses MailWasher to review the headers of all of his email so he can delete anything suspicious before it hits an email client capable of rendering HTML or running scripts. He doesn't want to incur the slowdown of a realtime scanner, but he does run a full system scan every few months or so (and it's always come back clean, so I'll give him credit that his caution is working OK for now). Rick is putting actual effort into security rather than depending on a tool to help. Which works, sorta, but you want a Risky Rick who also uses Antivirus as an additional layer, because there's no such thing as too many layers of security.

New computers are almost always bundled with McAfee or Norton, with a really annoying reminder when the 3, 6, or 12 months or whatever of included service are up. I'm not really a big fan of either, but they get the job done, and they almost force the user to keep them current. It's annoying and invasive, but it seems to be working.

Re:The real message (1)

KiloByte (825081) | more than 3 years ago | (#34419030)

Except that both McAfee and Norton affect the computer worse than several concurrent malware infestations.

Re:The real message (1)

Opportunist (166417) | more than 3 years ago | (#34419060)

Well, probably when it comes to the impact on performance, but not the impact on your bank account.

Re:The real message (1)

Mathinker (909784) | more than 3 years ago | (#34419164)

> and it's always come back clean, so I'll give him credit that his caution is working OK for now

Current stats I've heard (they may be just flaky numbers pulled out of a certain orifice) is that A/V tools don't detect up to 50% of current professional botnet infections like Zeus, etc.

> Which works, sorta, but you want a Risky Rick who also uses Antivirus as an additional layer,
> because there's no such thing as too many layers of security.

By that reasoning, you should instead be investing in educating the 11 other people who only use an antivirus but don't invest effort in security like Rick, no? Assuming you could get them together in groups to improve the return on the effort, I mean.

BTW, the results of a study where all traffic signs and signals were removed from a region which was thoroughly marked as such (the traffic accident rate went down, not up) indicate that Rick's strategy might actually be more effective than the others'.

Re:The real message (1)

natehoy (1608657) | more than 3 years ago | (#34421512)

I agree wholeheartedly. The problem is that there's no driver's test for the Internet and as inadequately as antivirus tools are capable of protecting the innocent, they are at least better than nothing at all. Whether through simple lack of time or lack of access to an educator, there is a significant population of "click on whatever looks good and damn the torpedoes" folks out there.

I've tried educating the rest of my group, with some significant success, but I can't possibly make them aware of every risk and they aren't going to take the time to educate themselves on every new threat. Many of them are pretty open to actually looking at emails, a few are OK with NoScript but it "makes the Internet harder" for more than half (some pages don't work at all, or don't work well, without JavaScript). A very small few of them have enough trouble just handling email and Facebook which is the extent of the Internet to them, bless their dear hearts.

I'm probably not that much different in terms of my car. I follow the maintenance schedule, listen for odd noises or odd handling, and look for warning lights.

Since not everyone is going to be fully aware (and some may be completely unaware) of what the "bad sounds" and "odd handling" are on the Internet, we add "warning lights" (antivirus and other tools) that at least catch a good chunk of the problems, just like the idiot lights in your car.

They aren't perfect, but they help catch the worst stuff, because just as few people have the wherewithal to check their oil, brake, and steering fluid levels every time they start the car, and precious few crawl under the car to look for a brake line that's on its last legs, so do few people have the wherewithal to check every URL, research each error message they see, and recognize when your bank is not your bank.

So the car, and the computer, are "taught" to identify some of the most serious things that can happen and identify them to the user. Part of the lesson is to avoid having the warning light come on by maintaining the machine (keeping signatures up to date, checking URLs, using NoScript and other protection tools, refraining from clicking on every damned thing in email even if it does promise Natalie Portman in hot grits or dancing fluffy kittens).

The other part is telling them what to do when a warning light comes on (antivirus goes BING!, certificate warnings, popup ads, UAC popups in Win7, etc).

Of course, I also helped an older woman some years back whose car had broken down at the side of the road. Her description was that of a little red "Aladdin's Lamp" lighting up about 30 miles back, then the car getting a little rumbly-grumbly sounding for a while, then finally no matter how hard she pushed down on the gas the car slowed down and got more wiggy-jiggy, then finally it went thumpity-thumpity-clunky-creakity-phoot-grunt and the engine stopped and she had to coast to the side of the road. (read: Low Oil Pressure light came on and she drove the car past 6 highway exits for a half an hour to the point of utter death by friction, ignoring the increasingly urgent mechanical problems that were developing). So the lights don't always do any good even when they do work...

Re:The real message (1)

shipofgold (911683) | more than 3 years ago | (#34424386)

What you don't mention is how many times those A/V programs actually protected the users from something. My company forces A/V on my laptop but I never get any hits...I have A/V on my kids' computers and have re-imaged 5 times in the past 2 years....They click on just about everything. It is the behaviour that determines the risk of infection. Trying to use a condom with holes in it won't get you very far in the long run.

Nothing New Here (1)

JAS0NH0NG (87634) | more than 3 years ago | (#34417644)

This result was already pretty well known.

Jagatic and others saw this in 2007 in their work on social phishing [acm.org] at Indiana University.

We saw the same in our PhishGuru work at Carnegie Mellon, on training people not to fall for phishing scams [cmu.edu] in 2009.

As an aside, I know many slashdotters don't believe you can train people to protect themselves from phishing. That is the standard conventional wisdom in computer security. However, we've actually demonstrated that you can, if you make it fun, timely, and relevant. We're commercializing some micro games for security training [wombatsecurity.com] and a service for simulated phishing attacks [wombatsecurity.com] based on research we did at Carnegie Mellon.

I always thought... (1)

BigSes (1623417) | more than 3 years ago | (#34421992)

that the golden hour for phishing was right before dawn.

(rimshot)

(smattering of applause)

Thanks, I'll be here all week.

Amazing discovery! (1)

JohnnyBGod (1088549) | more than 3 years ago | (#34429102)

This just in! Criminals are more effective while they are unknown to whoever is fighting crime! More at 11.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?