Do you know anyone who has been the victim of a phishing scheme? Have you ever accidentally clicked on a link that you instantly realized led to a phishing website? As security professionals, most of us would like to think we know the warning signs and wouldn’t be fooled. But if you’ve ever fallen for a phishing link, or know someone who has, you’re not alone.
According to a just-published Google study, phishing emails work 45% of the time. Researchers were surprised at the high number of people who fell for these scams, especially considering that phishing is one of the oldest tricks in the book and that most people are at least aware of them at this point. Significantly, researchers also found that the criminals used the victims’ credentials to access their accounts within half an hour, leaving very little time for damage control.
It’s not surprising that so many people fall victim to phishing scams, though, because criminals appeal to our basic human curiosity, as well as our ever-growing penchant for mobile devices and multitasking.
Here are three examples that illustrate why even tech-savvy people can fall victim to phishing scams:
- We Fall for Fake News and Celebrity Gossip: This past Saturday there was a report that Macaulay Culkin had died. While we haven’t seen any instances of malware or other viruses related to this hoax yet, many times stories like this have malicious links to participate in fake surveys that capture personal information, trick people into downloading malware, or gather “Likes” for Facebook pages that can be used in future scams. Criminals use recent tragedies as a base for creating fake news stories because they know people are curious. For example, last year criminals created a scam relating to the missing Malaysian airlines flight. When in doubt, check it out before you click.
- We Worry about Problems with Online Accounts: It’s a natural reaction to want to click on links when you get an “urgent” message stating that there is something wrong with your banking, email, shopping or social media accounts, or that you’ve missed a package delivery. However, these links almost always lead to phishing pages, so be wary of these messages, especially with the holidays.
- We’re Using More Gadgets and Always on the Go: When you’re on a small screen, it can be easier to fall for phishing links because we’re often distracted and multi-tasking while we’re using them, or don’t pay as much attention to security as we would on a PC. Spammers and phishers take advantage of this tendency. They’re also creating malware to access your contacts and send out infected emails that appear to be from someone you know, making it even more likely you’ll click. According to security experts, criminals have adapted these techniques for instant messaging, social networks, and SMS text messaging. Kaspersky Labs also reported earlier this year on instances of fake notifications imitating messages from mobile apps, in which spammers spread malware via messages that appeared to be sent on behalf of popular applications.
Learn more about how to train your employees to spot these scams from a mile away with our Cyber Security Awareness Training.