From the most basic ‘you won’t win’ scam to the most advanced espionage campaigns, our inbox targeted attacks are consistently successful.
There’s a reason cybercriminals and hackers keep going send millions of phishing emails.
Because, regardless of whether you are working at the office or work remotely from home, email still plays an important role in our workday. Sure, there’s now a place for Slack, Zoom, or Microsoft Teams, or whatever productivity software overlay you’re expected to use.
But for most people, getting things done still depends on email.
Strengths of email: anyone can email you and add all kinds of attachments. Email weakness: anyone can email you and add all kinds of attachments. So while email is one of the most powerful productivity tools, it is also a major source of risk.
Also: What are the best email hosting services and do they protect data?
Most of us are still dealing with email overload (now we also experience overload through all other communication tools). Many of you are still viewing — and trying to respond to — hundreds of messages from colleagues, customers, or anyone else with whom you do business every day.
But how long do you spend viewing those emails; Are they really who they say they are from?
Cybercrime know that our time is very limited and that we won’t have the opportunity to carefully analyze every message that arrives in our inbox — one of the reasons why phishing is still so successful.
Criminals are using this technique for all kinds of malicious campaigns, whether it’s tricking us into clicking fake — but convincing — the link asks us to enter our username and passwordconvince us to do it emergency financial transfersor trick us into downloading malware or Ransomware the words Malicious attachments. It’s clear that phishing continues to be an effective weapon in hackers’ cyber arsenal.
Some scoff at why phishing emails are still such an effective attack tool; sometimes they completely blame the victim for opening the spam email and following the instructions — but blaming the victim is wrong.
Also: What is Phishing? Everything you need to know to protect against phishing emails – and worse
To begin with, if Anti-virus software and spam filter being used and implemented correctly, it’s less likely that malicious email will end up in people’s corporate inboxes in the first place — and making that switch is a technological concern, It’s not a human problem.
But it’s also become extremely difficult for us to deal with and separate spam emails from everything else that enters our inboxes, especially when so many of them involve office administrators — and those who don’t. Online scammers know it.
According to security awareness and scam training provider KnowBe4Some of the most common subject lines used in phishing emails over the past year were messages related to IT software updates, letters from HR about performance, and letters claiming your boss sent you a link. to join the meeting.
Many of us are used to seeing and clicking emails like this every day, because they’re part of the way we do our jobs — if you get an email saying it’s from your boss about an unscheduled meetingthat’s likely to freak you out so you’ll click through.
With messages claims are about software updates and security patchesusers are often simply trying to do the right thing — but by doing what is asked and thinking they are helping to protect their computers from cyberattacks, they are, instead, useless. love encourages a cyber attack.
Also: Google hackers: Inside the cybersecurity red team that keeps Google safe
However, while fraud training can be provided to employees, the program needs to be effective — and one multiple-choice test per year will not be enough. The same goes for ‘gotcha’ phishing tests, where the fake phishing emails are designed to be indistinguishable from real emails sent every day.
It’s unlikely that phishing attacks will be completely stopped — at least soon, but there are steps organizations and individuals can take to help ensure they are protected against them as much as possible.
For beginners, if you are not sure about something, don’t click it right away — if the email claims to be from a colleague, use a non-email channel to ask if they sent the email. If it’s an email asking for urgent action that needs to be taken due to a problem with your account, don’t click the link in the email, but instead log into your account via the official URL — if something goes wrong. try, it will tell you there.
Also, use multi-factor authentication can go a long way to preventing usernames and passwords for both corporate and personal accounts from being stolen — though it’s not completely infallible against determined attackers.
Phishing attacks target human nature, and they attack our hopes as well as our fears, which is why they work. Until we find an alternative to email itself, they won’t go away.
ZDNET’s SECOND OPENING
ZDNet’s Monday intro is our opening for the week on technology, written by members of our editorial team.
BEFORE ZDNET’s SECOND OPENING:
