Astounding, isn’t it? I am sure that you will question the audacity of the statistic. I can tell you with confidence that even a security expert is not immune to falling prey to phishing emails. That is why even the most mature security companies get hacked.
Any human will click on an email whose content appeals to a human emotion that is strongly felt.
There is a phishing bullet with everyone’s name on it. To illustrate the point, let us study two examples.
The first is related to the COVID pandemic. You receive a phone call from an unknown caller. The caller requests your personal details and telephone number to register you for the immunization program. There is a fee to be paid, for which a link would be sent via SMS. Now ask yourself: would you give your personal details to the caller? Most probably not, and certainly not before you had asked several clarifying questions to verify the program and the identity of the caller or institution.
But would you do the same if the information was requested via email? Most people who are eager to receive the vaccine would fill in the information and await further instruction. That would be step two, if the scamster intended to scam you for money. In some cases, the scamster would be satisfied with just your personal details.
The second example is called business email compromise. Cybercriminals earned 26 billion US$ from this type of fraud over the last four years. There are many variations, but the first step is always to identify a willing employee who will respond to an email carrying a specifically crafted instruction from a senior. If you are working in a company and your CEO or CFO sent you an email, how would you react? I guess instantly. The catch here is that while the email alias (the display name) was correct, the address belonged to another user on a public email service like Hotmail or Google. Therefore, if your CEO was Lucius Lobo, the sender would look like Lucius Lobo <[email protected]>. The pressure to respond quickly to the CEO or any senior executive may simply short-circuit the basic validation an employee would normally make, which in this case would be to notice that the actual email id is not the company id and, as the example indicates, is in no way connected even to the alias.
If human emotion compels us to drop the extra validation that we would normally do, then trying to restore this habit when it comes to responding to emails would keep us safe.
If you wish to reply to an unsolicited email, question the veracity of its contents as you would have done if the same request had been made telephonically. Bear in mind that any unsolicited email is high risk.
Here are four quick tips, for common scams:
1. If the unsolicited email is promising a free lottery, job or anything in return, it’s probably fake. There is nothing free in life.
2. If the unsolicited email is promising something extraordinary like a high rate of return or payoff, then avoid it. It is fake or a scam.
3. If the unsolicited email is asking for personal information, it’s likely a scam. It may not be one that causes you to lose money, but more often than not it fills your inbox with junk emails.
4. If the alias (display name) of the email is of someone you know, but the email id is different, it’s a scam email specifically designed to get past spam filters and your own attention.
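The check behind tip 4 and the CEO example above can be automated at the mail gateway or in a mailbox rule. The following Python script is an added example and is not code from the original post: it parses the From header, looks the display name up in a small directory of known senders, and flags the header when a known name is paired with a different address or with a public webmail domain. The company domain, the directory entries and the sample headers are all constructed placeholders.

```python
import email
from email.utils import parseaddr

# Constructed placeholders for this example: the organisation's own domain and a
# directory of senior staff whose display names are likely to be impersonated.
COMPANY_DOMAIN = "example.com"
KNOWN_SENDERS = {
    "lucius lobo": "lucius.lobo@example.com",  # placeholder address
}

# Public webmail domains. A known display name paired with one of these is the
# pattern the post describes: the alias is right, the mailbox belongs to someone else.
PUBLIC_WEBMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}


def check_from_header(raw_from: str) -> dict:
    """Return the parsed display name, address, domain and a list of warning flags."""
    display, addr = parseaddr(raw_from)
    name_key = " ".join(display.split()).lower()          # normalise whitespace and case
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    result = {"display": display, "address": addr.lower(), "domain": domain, "flags": []}

    if not addr:
        result["flags"].append("unparseable or empty From address")
        return result

    expected = KNOWN_SENDERS.get(name_key)
    if expected is not None and addr.lower() != expected:
        # The alias matches someone we know, but the mailbox is not theirs (tip 4).
        result["flags"].append("known display name with a different address")
        if domain in PUBLIC_WEBMAIL:
            result["flags"].append("known display name on a public webmail domain")
        elif domain != COMPANY_DOMAIN:
            result["flags"].append("known display name on a non-company domain")
    return result


def triage_message(raw_message: str) -> list:
    """Parse a raw RFC 5322 message and return the warning flags for its From header."""
    msg = email.message_from_string(raw_message)
    return check_from_header(msg.get("From", ""))["flags"]


# Constructed sample messages: one legitimate, one spoofed display name, one unrelated sender.
SAMPLE_MESSAGES = [
    "From: Lucius Lobo <lucius.lobo@example.com>\nSubject: Board pack\n\nSee attached.\n",
    "From: Lucius Lobo <luciuslobo.ceo@gmail.com>\nSubject: Urgent wire\n\nCall me now.\n",
    "From: Newsletter <news@vendor.example>\nSubject: Weekly digest\n\nHello.\n",
]

if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        flags = triage_message(raw)
        verdict = "SUSPICIOUS" if flags else "ok"
        print(f"{verdict:10} {raw.splitlines()[0]}  {flags}")
```

The directory lookup is deliberately narrow: only names the organisation has chosen to protect are checked, so an unknown newsletter sender produces no noise, while the spoofed CEO header is caught even though the display name is spelled perfectly. In a real deployment the directory would be fed from the HR or identity system rather than hard-coded.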
Keep these tips in mind as you read your next unsolicited email. In my next blog we will examine how to avoid being scammed from a genuine but hacked email id.
*** This is a Security Bloggers Network syndicated blog from Lucius on Security authored by Lucius on Security. Read the original post at: http://feedproxy.google.com/~r/LuciusOnSecurity/~3/XQ_vIbcc0fE/there-is-100-chance-that-you-will-click.html