As long as humans sit at computer screens, there will always be infected computers. There’s just no end to people being duped into clicking links that download viruses.
A report at theregister.co.uk explains how subjects, unaware they were guinea pigs, fell for a phishing experiment.
- Subjects were sent an FB message or e-mail from an unfamiliar sender, though 16 percent of the subjects who ultimately clicked reported they knew the sender.
- The sender announced they had images from a New Year’s Eve party but not to share them.
- 43.5% clicked the FB message link and one-quarter clicked the e-mail link.
- Many of the subjects denied making these clicks, but most who admitted it named curiosity as the reason.
- 5% claimed they thought their browser would protect them from an attack.
Obviously, there will always be that percentage of the human population who will allow curiosity to preside over common sense and logic. The idea of simply never, never, ever clicking a link inside an e-mail is an impossible feat for them—perhaps more difficult than quitting smoking or losing 50 pounds.
This is the battle that businesses have with their employees, which is how businesses get hacked into and massive data breaches result.
However, says the report, rigid training of employees may backfire because valid e-mails may be ignored—though it seems that there has to be a way for companies to get around this—perhaps a phone call to the sender for verification if the company is small. For large businesses, maybe executives could just resort to the old-fashioned method of reaching out to employees; how was this done before the World Wide Web was invented?
Digital signing of e-mails has been suggested, but this, too, has a loophole: some employees misinterpreting the signatures.
Nevertheless, security training is not all for nothing; ongoing training with staged phishing e-mails has been proven, through research, to make a big difference. Unfortunately, there will always exist those people who just can’t say “No” to something as mundane as images from a New Year’s Eve party from a sender they’ve never even heard of.
Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- How to win the War on Phishing
A phishing attack is a trick e-mail sent randomly to perhaps a million recipients, and the thief counts on the numbers game aspect: Out of any given huge number of people, a significant percentage will fall for the trick. The trick is that the e-mail contains certain information or is worded in such a way as
- Phishing works and here’s why
A phishing e-mail is sent by a cyberthief to trick its recipient into revealing sensitive information so that the crook could steal money from the recipient or gain access to a business’s classified information. One way to lure an employee is for the crook to make the e-mail appear like it was sent by the
- Finding out which Employees keep clicking on Phishing E-mails
You have the best IT security, but dang it…the bad guys keep getting in. This means someone inside your house keeps opening the back door and letting the thieves slip inside. You have to find out who this enabler in your company is, and it may be more than one. They don’t know they’re letting in
- Fake Funeral & E-mail Scams: Recognize & Avoid
How does a funeral scam work in the first place? This is something that I, as a security analyst, teach to the consumer public. First of all, the fake funeral scam starts off with an e-mail. The fraudulent e-mails come disguised as a notification for a funeral. The Better Business Bureau describes how the funeral scam
- Protect Yourself from Phishing
Everyone has received very obvious “phishing” e-mails: Messages in your in-box that have outrageous subject lines like “Your Account Will Be Suspended,” or, “You Won!” While some phishing attacks are obvious, others look harmless, such as those in a person’s workplace in-box, seemingly from their company’s higher-ups. Researchers point out that an e-mail may appear to come