Wednesday, February 13, 2013

Is Everything We Know About Password-Stealing Wrong?

Dinei Florêncio and Cormac Herley (via Rob Rix):

Thus, banking passwords are being stolen in considerable numbers. We have seen that emptying accounts is hard, and that mules, not victims, lose money. The password merely provides a way of offering something of apparent value (the victim-to-mule transfer) that will persuade the mule to part with something of real value (the mule-to-thief transfer). The victim’s password is only one small part of that elaborate process of socially engineering the mule into parting with money.

Comments RSS · Twitter

Leave a Comment