I am often asked: What is the most challenging threat I face on a daily basis? I would have to say that it is educating people on the various methods of social engineering and the impact they can have on your life. I think this comes from the fact people just want to believe in other people and do not want see the potential of something bad. These “Phishing” scams have only one purpose; they are used it to get your information and then use the information to their advantage (and your disadvantage).

Why is this so difficult? Because it is an ever changing target as the people who run these scams change their tactics on a daily basis. So it is best to learn the tactics they use so you will be able to better recognize them and avoid becoming a victim.

We can protect the computers and the network with all of the wiz bang techniques but it all fails if you say yes to one phishing email.

The following facts were taken from the SonicWALL Phishing and Spam IQ site, please take the quiz and don’t forget to let me know how you did. Take the quiz at SonicWALL Phishing and Spam IQ web site.

Phishing Facts

• $886 – The average dollar loss per Phishing Victim (Gartner, Dec 17, 2007)
  
• $3.6 Billion – The total dollar loss of all phishing victims over a 1 year period (Gartner, Dec 17, 2007)
• 3.2 Million – The number of people who fell victims to phishing scams over that same 1 year period (Gartner, Dec 17, 2007)
• 8.5 Billion – The estimated number of phishing emails sent world-wide each month (SonicWALL, 2008)
• 32,414 – The number of phishing web sites that were operational in May 2008 (Anti-Phishing Working Group)

Phishing IQ Facts

• 1,012,000 - The number of people who have taken the Phishing IQ Test worldwide
• 7.4% - The percentage of test takers who get 100% by answering all 10 questions correctly
  
• 86% - The percentage of phishing e-mails that are identifies as “phish” by the test takers
• 57% - The percentage of legitimate e-mails that are identified as “legitimate” by the test takers

How do you protect yourself from phishing attacks? By educating yourself on the phishing warning signs and then deleting the email you suspect of phishing.

In my opinion Microsoft Windows 7 will be successful for the following reasons.

• Hardware refresh, the time is right to buy a new PC. Most companies did a big technology refresh starting around the year 2000 time period with those computers lasting 4 to 5 years, The next technology refresh took place in the around 2005 with those computers needing to be refreshed within the next year. The current economy may have an impact on the timing of this but we all know it is due NOW. The price of hardware is as cheap as it is going to get
• Security – It is more secure, really it IS… Microsoft has done a very good job of minimizing the attack surface of Windows 7 by continuing the work that was started in Windows Vista. Many of the 3^rd party vendors have cleaned up their code and it now is operating in a more secure fashion. We will only benefit from this.
• Installation/tight server integration – A fast install process (with clean install taking around 30 minutes to complete). Very tight integration with Windows Server 2008 and Windows Server 2008 R2 will lead better performance when paired together.
• Performance is much improved over Windows XP and Windows Vista:
  • Faster startup and shutdown times, Applications load faster, consume less memory
  • Demonstrated performance leadership over other OS’s, many 3^rd party media outlets have verified Microsoft’s claims of better performance.
  • coping files, finding information
• Better Administration tools – This will lead to reduced administration costs over time:
  • Powershell integration – Powershell is a scripting language used by administrators to perform tasks on Windows 7 and applications. Many of the tasks we as administrators do on your systems can now be automated, thus reducing your costs.
  • Group Policy control over the OS is much improved. A group policy is a tool to set/control how Windows 7 behaves. Why is this important? It will help establish a common environment ensuring items are uniformly setup, installed and secure. Group policies reduce costs through reduced training and uniform system setup.
• Windows XP has reached End of Life and we have entered into the period of it’s product life cycle called “Extended Support”. During this phase only “Security fixes” will be created and no further development on the core product will be performed. Over time many software applications will cease to support XP as it becomes less popular.
• The User Access Control (UAC) less annoying than it was in Vista – Why is this important? Because in Windows Vista most people turned the UAC off due to the fact it was too sensitive and many poorly written applications did not function properly with it ON. This created a situation where a useful security tool was turned off and many the potential local and internet threat were not identified. Somehow this became the fault of Microsoft and the various application vendors who wrote poor code never got blamed for the great misdeed they caused.
• Better Power Management - Windows 7 will automatically slow down resources and even power them off when they are not in use to conserve power. In my testing I have seen increased battery life of around 20% on several of my laptop computers. Over time this will lead to a lower the Total Cost of Ownership (central control is available, yes through Group Policy).
• Hardware Support for older hardware is very good. Many older systems perform very well with Windows 7. Software and hardware driver support has been wonderful through the beta process and now Windows 7 has been released it should only get better.
• Office 2010 with Windows 7 is a winning combination – More on this in the future blog posts.

This topic was originally presented by myself to the September 2009 meeting of BASBITS, Where I am founding member of a consultants group that supports Small Business technology specialists within the Bay Area. The topic was very well received.