cybersecurity

5163 readers

55 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

175

Study concludes cybersecurity training doesn’t work (www.kpbs.org)

submitted 2 weeks ago by cm0002@infosec.pub to c/cybersecurity@infosec.pub

48 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] xxce2AAb@feddit.dk 42 points 2 weeks ago (2 children)

That's a shame, although I unfortunately have no problem believe that's the case in general. I still personally benefit from the social engineering resistance training I've had over the years to this day though.

[–] bamboo@lemmy.blahaj.zone 25 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

I still personally benefit from the social engineering resistance training I’ve had over the years to this day though.

Me too, I use it to get out of situations I don't want to deal with. "Ohh you're calling me asking for PII? Sorry, i can't provide that information unless I initiate the conversation. I'll call the number I have on file for you to provide that."

[–] xxce2AAb@feddit.dk 15 points 2 weeks ago* (last edited 2 weeks ago)

That's the spirit! "I'm not at liberty to provide that information" is one of my favorite sentences.

[–] stinky@redlemmy.com 21 points 2 weeks ago (3 children)

My toxic trait is believing that not answering the phone from unknown numbers is protecting myself from outside attackers

[–] xxce2AAb@feddit.dk 12 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

It might be rudimentary, but I wouldn't say you're wrong.

Alternatively, pick up but answer the phone only with the word "Yes?", "Speak" or "You may proceed" (preceded by 'this line is now secure').

Then, when they ask "who is this?" answer that "if you don't know, you have the wrong number" and that "this call is currently being traced, pending review of a 'military tribunal'."

Do this with the flattest intonation you can manage.

That tends to get to them.

[–] Goretantath@lemmy.world 11 points 2 weeks ago (1 children)

Nah, there's AI that can clone your voice from a single word, not answering is the safest.

[–] xxce2AAb@feddit.dk 7 points 2 weeks ago

Point. Silence is good too.

[–] WanderingThoughts@europe.pub 4 points 2 weeks ago

Recently there were recruiters on LinkedIn freaking out that when they called someone, they would answer with "Hello?" and the recruiter thinks they're too good to be greeted with that.

[–] qweertz@programming.dev 4 points 2 weeks ago* (last edited 2 weeks ago)

My SIM provider has the option to not even route unknown callers to my device. Not that I get any, but just in case, even if it is not that common in Germany.

What some family of mine had to go through was social engineering harassment calls with some BS reasoning to get them to say "Yes"/"I agree" or something like that