So this article about biology and psychology of bad decisions is very relevant to #infosec:
I mean, we all know how phishing tries to create pressure ("somebody knows your password!") and then relies on people clicking stuff and not recognizing their mistake. Turns out, there are biological reasons for this.
Crucial take-away: we're all susceptible.
@rysiek Right, so the correct response to a phishing victim isn't to call them an idiot, it's to understand that they're human 🙂
@yojimbo this, right there. Exactly.
And the correct way to protect from phishing is to give people training and exposure to previous phishing campaigns, use technical means that can alert them that they're looking at a phishing message (all mail from our internal services is signed with a known, trusted PGP key, for example), but also labor the point that really nothing will happen if they wait those few minutes and space out a bit before clicking a link in an urgent-looking e-mail.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!