From the most basic ‘you won’t win’ scam to the most advanced espionage campaigns, inbox attacks are successful again and again.
There’s a reason cybercriminals and hackers keep going send millions of phishing emails.
Because, regardless of whether you are working at the office or work remotely from home, email still plays an important role in our workday. Sure, there’s now a place for Slack, Zoom, or Microsoft Teams, or whatever productivity software overlay you’re expected to use.
But for most people, getting things done still depends on email.
Strengths of email: anyone can email you and add all kinds of attachments. Email weakness: anyone can email you and add all kinds of attachments. That makes it one of the most powerful productivity tools out there – and a big source of risk.
Most of us are still dealing with email overload (now we also experience overload through all other communication tools). That means you’re still likely viewing – and trying to respond to – hundreds of messages from colleagues, customers, or anyone else you do business with every day.
But how long do you spend viewing those emails; Are they really who they say they are from?
Cybercrime know that our time is very limited and we won’t get a chance to carefully analyze every message that arrives in our inbox – one of the reasons why phishing is still so successful.
And they’re using it for all sorts of malicious campaigns; from tricking us into clicking fake – but convincing – the link asks us to enter our username and passwordconvince us to do it emergency financial transfersto trick us into downloading malware or Ransomware the words Malicious attachmentsPhishing continues to be an effective weapon in a hacker’s cyber arsenal.
Some scoff at why phishing emails are still such an effective attack tool; Sometimes they completely blame the victim for opening the spam email and following the instructions – but blaming the victim is wrong.
Also: What is Phishing? Everything you need to know to protect against phishing emails – and worse
To begin with, if Anti-virus software and spam filter are used and implemented properly, there is in most cases less chance of malicious email getting into people’s corporate inboxes in the first place – it’s a matter of technology, not human problem.
But beyond that, it becomes extremely difficult to process and separate spam emails from everything else in our inboxes, especially when for many of us, so many of them involve to office administrators – and cyber crooks know it.
According to security awareness and scam training provider KnowBe4Some of the most common subject lines used in phishing emails over the past year are related to IT software updates, letters from HR about performance, and letters claiming your boss sent you. link to join the meeting.
Many of us are used to seeing and clicking emails like these every day, as they are part of the way we do our jobs – if you get an email saying it’s from your boss about an unscheduled meetingthat’s likely to freak you out so you’ll click through.
Then with the message claims are about software updates and security patchesusers are just trying to do the right thing – ironically in this case, by doing what is asked and thinking they are helping to protect their computers from cyberattacks, instead, they inadvertently encourage a cyber attack.
Also: Google hackers: Inside the cybersecurity red team that keeps Google safe
But while it’s possible to provide employees with training on scams, it needs to be effective – one multiple-choice test per year won’t be enough. But so are the ‘gotcha’ phishing tests, where the fake phishing emails appear to be designed to be indistinguishable from the real emails victims would be sent every day.
It is unlikely that phishing attacks will be completely stopped – at least soon – but there are steps organizations and individuals can take to help ensure that they are protected against them. in the best possible way.
For beginners, if you are not sure about something, don’t click it right away – if the email claims to be from a coworker, use a non-email channel to ask if they sent the email. If it’s an email asking for urgent action that needs to be taken due to a problem with your account, don’t click the link in the email, but instead log into your account via the official URL – if something doesn’t work. okay, it will tell you there.
Plus, use multi-factor authentication (MFA) can go a long way to preventing usernames and passwords of both corporate and personal accounts from being stolen – though it’s not completely infallible against determined attackers.
Phishing attacks target human nature, they attack our hopes and fears, that’s why they work. And until we find an alternative to email itself, they won’t go away.
ZDNET’s SECOND OPENING
ZDNet’s Monday intro is our opening for the week on technology, written by members of our editorial team.
BEFORE ZDNET’s SECOND OPENING:
