Mythic Monday – Aesop: The Dog, The Rooster and the Fox
This isn’t one of Aesop’s more commonly known fables. Like most of them, it quite simple. Essentially, a dog and rooster are friends (we ignore the improbability of that bit), and taking a bit of a holiday. As they came do the end of the day, they decide to go to sleep. As is their nature, the rooster perches atop a hollow tree and the dog curls up to sleep inside the tree.
When morning comes, the rooster crows, and attracts the attention of a fox. The fox invites the rooster home for breakfast. The rooster, being wise (demonstrating again, that this is a fable and not reality), tells the fox the he is regrettably unable to accept such a generous offer, but instead invites the fox to join him inside the tree. The fox (seemingly unable to smell the dog within) enters the tree and is promptly devoured.
Clearly, the lesson that Aesop wished us to learn was to beware the rooster. However, it is also quite possible that Aesop was covering for the known illegal leanings of roosters and dogs. This dastardly duo was singlehandedly responsible for the massive reduction of the fox population in ancient Greece. This is much as how modern phishers work.
Security attacks have gotten sufficiently complex that different people are better at different aspects. Some attackers are best at writing malware and others are best at sending the emails that distribute the malware. So, just like the dog and rooster, they have gotten good at working together. By each relying upon their their best skills, they can take over (attract and eat) various targeted computers (foxes).
Of course, this only works on foxes that aren’t paying attention. If the fox in the story had simply stopped to realize that:
- Roosters tend not to live in hollow trees.
- Dogs have a noticeable odor. . . especially for foxes.
The same applies to phishing emails.
- Organizations such as the FBI and IRS are generally not in the habit of emailing people.
- Phishing spam also has a noticeable odor (spear phishing is a bit different).
At the core, email is not 100% deliverable. If anything is extremely important (as someting from the FBI or IRS would be), it would come in a manner that is more reliable. Registered letter and phone calls tend to be popular. Similarly, if someone has your email address, wouldn’t it make sense that they already have your name, phone number and other personal information? If an email asks you to “verify” your information, it’s good to be suspicious.
Above all, unlike the fox in the story (and just like foxes in real life) it pays to be wary.