Friday, July 03, 2009

Criminals Steal $415k from Bullitt County

I am getting kind of burned out on computer security. I know, I know, it's only been 14 years that I have been in the trenches and, after all, we are making such tremendous progress in the infosec industry in that brief span of time.

Now instead of curious geeks hacking computers for fun and irritating people, we have widespread criminal activity. Instead of passwords, we're now using... um. Never mind. And we went from having no network boundary enforcement to... err... having no network boundaries. Software security bugs are a thing of the past. And present. And foreseeable future. But hey, at least hackers are targeting networks and systems less. Now they're just targeting people and client software. Cool. That's lots better.

Speaking of criminal activity, here's yet another example of a phishing attack working. Criminals stole over $400,000 from a municipality's bank account. Why did this attack work? You could blame user(s) for giving away the info, falling for the phishing scheme. Or blame it on a lack of awareness training. But folks, the phishing attacks are getting so sophisticated even very experienced infosec professionals have a hard time.

Seems to me these attacks work because it is difficult to reliably verify trustworthiness of messages or senders. The same issue makes it easy for spammers to make / steal money. With a widely deployed SMTP infrastructure, how do we make improvements?
