Phishing scams are becoming more complex and targeted. Some people can spot the more obvious phishing scams (e.g. Nigerian Prince asking for money) but not many can spot the more sophisticated phishing scams, also known as spearphishing attacks.
These types of attacks are specifically made for the victim and are targeted and personal. The attacker creates these attacks through social engineering making it harder for the victim to realize the email, text message, social media message, phone call or thumb drive as deceptive.
The attacker hopes the victim will click on a malicious hyperlink or open an attachment infected with malware. If the victim completes these actions, the criminal accesses the user’s computer and sometimes the victims corporate network.
So why do people fall victim to these types of attacks?
- Cognitive Efficiency— As humans, we want to retrieve the most information with the least amount of brain effort. We make mental shortcuts to help in this process. As it relates to spearphishing attacks, we look at messages for logos, brand names, familiar phrases and names. This results in us bypassing typos, the request and the sender’s header information.
- Online Safety Naivety — Many people believe that they are safe online and that malware or attacks cannot happen to them. They believe that browsing on mobile operating systems are more secure or that Google’s free Wi-Fi is safer than others due to the brand name.
- Habitual Technology Use – We are so immersed in technology today that people are continuously using email, connecting on social media and texting without thinking twice.
How Can You Prevent Being a Weak Link?
- Pay attention to your security training at work
- Report any suspicious requests to IT Department immediately
- Ask yourself do you know the sender, if so ask either in person or over the phone if they actually sent the message and if their request was legitimate
- Never give your passwords out to anyone
- Make sure your social media accounts have security and privacy settings in place