Back in the early 2000s, you, like millions of other people, may have received an email from someone who claimed to be a Nigerian prince. In this email, the person claimed to want to bestow his inheritance on you — how kind he is to a stranger! The only condition was that you must submit a few pieces of personal financial information.
Of course, there was no such altruistic Nigerian prince, and lots of people willingly submitted their personal information to a stranger on the Internet. If you have experience recognizing spam emails or text messages, there is very little chance you could fall for a phishing attack.
Phishing attackers are mind tricksters with little to no software experience
What is the likelihood of falling for such tricks? You might think to yourself, “I’ll never fall for anything fake like that.” However, a study has shown that we are more likely to fall for a phishing attack than we think. Ironically, this is because of our firm belief that we can spot the fakes, which leads us to underestimate the threat of a phishing attack.
If you look carefully at the history of cyberattacks, some of the most devastating ones involved tricking people into downloading very simple software. Phishing attackers don’t even use software — they simply trick users into sending sensitive data of their own accord. This is potentially more dangerous than malware.
Phishing attacks rely on vulnerabilities in people’s psychology. Take note that the most common attempts at phishing involve your professional and personal contacts, as well as your bank. A survey in the US found that:
- 5% of Americans prioritize response to emails from their boss
- 33% prioritize emails to confirm bank transactions or other activities
- 54% prioritize emails from family or friends.
Social media actually contributes to spear-phishing attacks (directed attacks) as multiple cases of historic social media data leaks have allowed attackers to know who you are connected with. Unfortunately, data leaks can also happen to the best banks in the world.
Attackers use leaked information and try to match the design of legitimate emails as closely as possible. They then send these fake emails to millions of people and hope that one person is careless enough to respond.
Security Awareness for COVID-19
As more people work from home than ever before, the number of phishing attacks is soaring. Do not let this happen to your organization. Xynexis IGNITE Security Awareness Training is crucial for organizations that are trying to survive the pandemic. With this training, your staff can understand good cybersecurity practices and reduce the likelihood of causing a cybersecurity crisis by accident.
Learn more about Xynexis IGNITE Security Awareness Training.