= Security Stories =

Understanding how a security problem can happen is an important part of protecting ourselves. This page documents real experiences people have had. Whether or not you are likely to experience something like this depends on what kind of work you do. Some may be  more relevant than others.

== Nile Phish ==

According to a [https://citizenlab.org/2017/02/nilephish-report/ Citizen Lab Report] seven organizations in Egypt working on human rights issues were targeted by a phishing attack. During a period in which the Egyptian government was was attacking the movement these organizations were part of (using  asset freezes, travel bans, forced closures, and arrests), these organizations collectively received 92 email messages attempting to steal personal information, like passwords, through deception. The tried to trick staff at these organizations into entering passwords into websites that look legitimate, but were really fake.

== What a Phishing attack looks like ==

Even experts can be fooled into entering their username and password in the wrong place. For a good and quick real story, see this [http://blog.greggman.com/blog/getting-phished/ report from Gregg Man].