Last Thursday I wrote about Brian Krebs’s report on fake law enforcement requests for user data, and Bruce Schneier connecting the dots over back doors. It made for some grim, if not altogether surprising reading.
Many of you emailed with what seems like an obvious connection in retrospect: these were classic phishing attacks, or at least social engineering. The only difference is the target were people who were trained and should have known better, instead of your parents logging in and thinking an email attachment has some juicy information.
It reminds me of that PayPal email I got last year that has to rank among the least professional I’ve ever received from a company I do (did?) business with. It’s hard to feel like we’re making ground or winning against fraudsters when even the professionals can’t do things properly.