We can put the best antivirus on your computer (Malwarebytes), but ultimately it’s ineffective if you work around it. It’s not just phishing attempts. There’s a whole bunch of reasons humans mess everything up.
Phishing is Getting More Sophisticated
Most of us know not to click that link pretending to be from Amazon or our local bank. Phishing emails used to have telltale signs like broken English and generic greetings like “Dear Customer.” Scammers have upped their game.
Last summer a massive attack used Google’s document sharing system to trick users into clicking a link. I consider myself pretty sophisticated but I fell for it on one of my accounts. I do product reviews and just assumed it was a press release. I often get those through Google Docs.
The Wall Street Journal (paid article) explains the seven deadly sins of why we click that link:
- Confidence: ‘Trust us, this is normal.’
- Greed: ‘Get your cheap pills here!’
- Urgency: ‘The boss says hurry up and click.’
- Fear: ‘Your PC is infected! Click to fix.’
- Shame: ‘Click here to see what everybody is saying about you.’
- Lust: ‘Psst! Check out these nude celebs.’
- Sloth: ‘Didn’t update your OS? Thanks!’
That article talks about how major companies and politicians got snared by one of these sins. All it takes is one person making a mistake to infect a whole company.
Two-Factor Authentication (2FA) isn’t Enough
We love 2FA. That’s the system that texts you when an unknown login attempt happens and lets you approve it. Hackers use the above sins to get you to disable it.
Mashable reports on an NSA analysis of how people get tricked into turning off their protection. All you really need is to take the typical phishing a bit further. I know every time my system does updates my bank thinks I’m on a new system because the browser is updated. I go ahead and put in my special code to gain access. I could easily be tricked into giving up my second factor.
We’re Not Dumb, But Scammers are Smart
Although I’ve come close, I’ve never gotten taken in by one of these scams. I’d chalk that up to luck rather than skill.
A few stories I read made me feel slightly better that I’m not dumb. One refers to a New York Supreme Court Judge taken for over one million dollars. Southern Oregon University was taken for $1.9 million.
You’d think Google and Facebook are smart enough to avoid getting taken. Nope. Both were victims of a scam that raked in $100 million. With the combined power of these two companies and their sophisticated systems, I feel kinda helpless against it.
Cisco, a computer networking company, tried to train employees not to click links in a unique way. It sent them phishing emails to see who would click. Sneaky, but it worked.
It Doesn’t Need to Be Email
We’re all protective of our emails, but sometimes the threats come in the old-fashioned way. This link explains how someone from Starbucks was tricked into sending money. Scams like this rely on the seven sins mentioned earlier. Security has to be on everyone’s mind and not just focused on how the threats come in.
How to Prevent It
The obvious first line of defense is computer security. We can help with that. Not just antivirus, but making sure you’ve got the latest security patches. Beyond that, you have to be extremely skeptical. This article sums it up best:
“There’s often a misconception that everyone needs to be a security expert — but that’s not the case. Security is not everyone’s day job, but ultimately, often all users need to have a mentality of caution — they have to be mindful of what they’re doing, and be aware that their actions on corporate equipment can be far-reaching.”
When in doubt, don’t click the link. Pick up the phone and call someone directly!
Photo by Hivint