Email Phishing Is So Dangerous Because It Targets the Mind Instead of the Machine
During the past several months, the world has witnessed a spike in email-phishing occurrences—cyber-attacks designed to exploit vulnerabilities naturally inherent in human psychology.
Hackers began using the term phishing in the mid-nineties to describe a kind of “email angling”—sending out masses of email “hooks” in the hopes that a few gullible or vulnerable “fish” would take the bait. Those fish, of course, were people sitting at their desks, going through their in-boxes. These were attacks not against information technology, but against the natural tendencies of the human mind.
The stakes in “phishing” have only gotten higher over the years, and the threat has only gotten worse.
Email phishing is so difficult to combat because it relies on deception and on the natural human tendency to trust by default. While your hardware and software systems can be secured with multiple layers of electronic and algorithmic defenses, the human element—that is, the primary element—of your organization remains vulnerable to deception and manipulation unless very carefully trained and forewarned.
What Does It Look Like to Be Phished?
Email phishing attacks are designed to look like an authentic communication from a trusted source. A phishing attempt might appear to come from a bank, a shopping site, a trusted friend, or even a company looking to hire you.
The phishing attack will not directly ask you for sensitive personal information; instead, you’ll be asked to click a link to “Verify Identity,” “Confirm a Purchase,” or something similar.
If you click the link, a number of things can occur, none of them good:
- You might be taken to an illegitimate, or “spoofed,” website, designed to look and feel just like the site you think you’re visiting. The idea is to make you feel safe entering any personal data the hackers are looking for;
- Clicking the link could also cause keystroke loggers or other information-stealing malware to be surreptitiously downloaded onto your device.
How Can I Avoid Being Phished?
One advantage the rest of us have is that phishing hackers often make some fairly sloppy mistakes in their hurried attempts to cast as many hooks as possible into their sea of potential victims. Keep an eye out for the following sorts of potential danger signs to avoid taking the bait:
- Obvious spelling or grammatical errors, indicating that the author of the email is poorly educated or is a non-English speaker.
- Noticeable inaccuracies in the design or colors of corporate logos, demonstrating that this email is not from the claimed organization.
- Unexpected package-delivery notifications—whether you’re expecting a package or not, no reputable delivery company will send you an email asking you to “Click Here” to verify your identification or address.
- Misspelled email addresses in the “from” fields are an easy-to-miss but obvious indication that something is not right about this email.
In general, and probably most important: do not click any hyperlink within an email message. Legitimate sources are aware of the dangers that phishing represents and will provide you with alternative means of contacting them.
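The misspelled "from" address check from the list above can be partly automated. The following is an added example, not code from Netmaker Communications: it compares the sender's domain against a list of domains you already correspond with and flags near-misses. The trusted list, the sample messages and the distance threshold are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains your organization actually corresponds with.
TRUSTED_DOMAINS = {"example-bank.com", "example-parcel.com"}

# Constructed sample messages (not real mail).
SAMPLES = {
    "genuine": "From: Example Bank <alerts@example-bank.com>\nSubject: Statement\n\nHello",
    "misspelled": "From: Example Bank <alerts@examp1e-bank.com>\nSubject: Verify Identity\n\nHello",
    "unrelated": "From: A Friend <friend@mail.invalid>\nSubject: Lunch\n\nHello",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character
                           cur[j - 1] + 1,              # insert a character
                           prev[j - 1] + (ca != cb)))   # substitute (free if equal)
        prev = cur
    return prev[-1]

def check_from(raw_message, max_distance=2):
    """Return (verdict, domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    msg = message_from_string(raw_message)
    _display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    # A domain that is almost, but not exactly, a trusted one is the danger sign.
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike", domain
    return "unknown", domain

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_from(raw))
```

The "From" header is written by the sender, so a "trusted" verdict here only means the address is spelled correctly, not that the message is authentic.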
Netmaker Communications, LLC, is a widely-acknowledged expert on cybersecurity, and this blog will explore the topic of phishing in greater detail over the coming months.
In the meantime, feel free to contact us, and we’ll be happy to talk to you about Phishing and a variety of other dangerous online sports being played at the public’s expense.