WHY WE ARE SO VULNERABLE TO PHISHING, AND WHAT CAN WE DO ABOUT IT?
If you look back over the last thirty years and think about the one single technology that has changed our lives more than any other…it’s likely you’ll land on email. Perhaps even more than the mobile phone, the ability to send and receive messages in an instant changed everything about how we live and how we work.
To this day, love it or hate it, almost all of us are still heavily dependent on our inboxes to stay connected. Unfortunately, cyber scammers and hackers know that too, and they use our dependence on the email inbox against us.
After all, there is something very intimate and personal about your email inbox. No two people have the same messages or the same interactions, so there is a sense that when an email arrives in your trusted space, you can go ahead and open it.
Of course, we know that’s not true, but it does feel real for many people, and it’s the reason why so many hacks begin with simple phishing emails. For example, the drama that played out around the US elections in 2016 with Russia, Hillary Clinton and WikiLeaks releasing troves of the Democrats’ campaign data all began with a single phishing email that was clicked and opened and provided a portal into the whole company.
Liron Barak, CEO of the security firm Bitdam, explains: “At the end of the day, we’re people and sometimes we make mistakes. Even careful and aware people could and would click on malicious attachments. Why is that? Because education isn’t enough; people will continue to click on things that look suspicious.”
People often act impulsively and click on something without even really thinking. By the time they realise it’s not what it looks like, it’s too late. Even in an experiment where someone is sent a blank email with an attachment, some people will click it. The curiosity is part of our DNA.
Phishing plays on our emotions more than on any sophisticated technology, and that’s why it’s so hard to eradicate. A good place to start is by realising that many commercial email providers don’t have sophisticated filters in place for you. Enterprise-level email does have a lot of security in place, but commercial services simply don’t, so when people start conducting business on their personal accounts (or chatting informally on their work emails), that’s when problems are created.
It sounds obvious, but one of the best things you can do is keep your work email strictly for work.
The relative ease of creating fake names and fake email addresses on the internet also makes phishing hard to contain. Until the whole world comes together to solve this problem, it’s going to be very hard to eradicate.
The best thing you can do is take extra care to stay one step ahead of hackers: keep your work and personal email separate, take a breath before you click anything, look out for suspicious spelling or grammar errors in an email, and use your common sense first and foremost.
If you would like to speak to professionals about safeguarding your inbox from phishing attacks today, please get in touch with one of our specialists at 2|SEC. We’ll be happy to help take your security to the next level.