Attacks on our inboxes are consistently effective, from the simplest ‘you’ve won a prize’ scams to the most sophisticated espionage tactics.
However, most people still rely on email to get things done.
The advantages of email: anyone can send you an email and add any number of attachments. The downside of email: anyone can send you an email and add any number of attachments. As a result, while email is one of the most potent productivity tools available, it is also a significant source of danger.
Most of us are still experiencing email overload, now compounded by all the other communication tools we use. Every day, many of you will be looking at and trying to respond to hundreds of messages sent to you by colleagues, customers, or anyone else you do business with.
Cyber fraudsters understand that we don’t have time to properly examine every email that arrives in our inbox, which is why phishing is still so popular.
Some laugh at the continued success of phishing emails, sometimes even blaming the victim for reading the spam and following the instructions – but blaming the victim is wrong.
For one, if antivirus software and spam filters were properly deployed and configured, dangerous emails would be significantly less likely to reach people’s business inboxes in the first place – and making that change is a technological issue, not a people issue.
But it’s also become challenging for us to sift and differentiate spam emails from everything else that comes into our inboxes, particularly when so many emails are related to office administration – and cybercriminals are well aware of this.
According to KnowBe4, a security awareness and phishing training provider, some of the most prevalent subject lines used in phishing emails over the previous year were messages concerning IT software upgrades, HR communications regarding performance, and messages claiming your boss has provided a link to attend a meeting.
Many of us are used to receiving and clicking on emails like this every day as part of our jobs; if you receive an email from your employer about an unexpected meeting, you’re likely to get worried and click through.
Users are often attempting to do the right thing when they get notifications claiming to be about software upgrades and security patches, but instead of helping to safeguard their machines from cyberattacks, they are inadvertently enabling them.
Phishing training for employees is feasible, but the program has to be effective, and one multiple-choice question per year is not enough. ‘Gotcha’-style phishing tests, in which bogus phishing emails are meant to be indistinguishable from the genuine emails received every day, will also fail.
It’s doubtful that phishing attempts will ever be completely eradicated – at least not anytime soon – but there are actions that businesses and people can take to ensure they’re as safe as possible against them.
To start, if you’re unsure about anything, don’t click on it right away. If the email appears to be from a colleague, use a channel other than email to ask them whether they sent it. If you get an email requesting that you take immediate action due to a problem with your account, do not click the link in the email. Instead, log in to the account using the official URL; if anything is wrong, you will be notified there.
Furthermore, although not fully foolproof against determined attackers, utilizing multi-factor authentication may go a long way toward preventing the usernames and passwords of both business and personal accounts from being stolen.
Phishing attacks exploit human nature, preying on our hopes and fears, which is why they work. They’re unlikely to go away until we find an alternative to email itself.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.