Technology can't stop phishing; perhaps common sense can

Phishing attacks tap into human eccentricities that bad guys have exploited for thousands of years, which makes them extremely difficult to counter. Case in point: for this article I asked a few friends if it's alright to click on active links in an email. They all said no. But I know for a fact that an email with a video link about cats is circulating among that same group.

Therein lies the problem. Bad guys understand this. Bad guys also know which psychological buttons to push, to improve the odds of getting a victim to click on a malicious link.

A good example of pushing buttons is how phishers are leveraging the FUD created by the Target data breach, sending out thousands of phishing emails offering financial protection. Target is aware of the deception, mentioning the following on their FAQ webpage:

"Be wary of scams that may appear to offer protection but are really trying to get personal information from you. If you have any suspicions about the authenticity of an email or text, do not click the links in it. Please go directly to the sites you need to access."

The fact that phishers are using the Target data breach to their advantage illustrates a fault even I'm guilty of—stressing out about a situation and making a hasty decision I usually end up regretting. The solution is to step back, take a deep breath, and realize that the amazing offer or panic-inducing security alert is likely a phishing email.

Phishers exploiting attachments

Like most con artists, phishers must keep their deceptions fresh. As people learn to avoid active links in unsolicited emails, phishers are switching to a new lure—email attachments. In a Naked Security post, Paul Ducklin urges people to be leery of attachments:

"We urge you to be cautious of email attachments (Ducklin's emphasis), especially if you weren't expecting them. That's to protect you from booby-traps, where cybercriminals feed you a crafty file such as a document or image that is deliberately rigged up to crash your browser (or PDF reader, or multimedia player, or whatever) and sneakily infect you with malware."

Ducklin is concerned because warnings about phishing emails often refer to links embedded in the email body, not attachments.

Technology will always be a step behind

A question people have been asking me lately is, "Besides stepping back and taking a deep breath, what else can we do?" That is a great question, and I'm afraid my usual answer seems hollow now. I, like many others who write about information security, have preached, "do this and don't do that." But, to be honest, it all boils down to being aware.

I say that because there is precious little that antimalware and IT professionals can do with technology to protect us. Sure, once they get wind of a new phishing attack, they get the word out and update their software to recognize the latest deception. But what about those unlucky enough to receive a targeted phishing email before the word gets out?

That question is the very reason experts I have talked to are becoming convinced that the only proactive deterrent is user awareness. Trust your instincts: if it seems bad, it most likely is. Additional advice: "More often than not, there are ways to check if the email is for real or not. And if there isn't a phone number or alternative way to authenticate the sender, delete the email."

