How to avoid phishing
Summary of Beat the Hacker® Cybersecurity
Awareness Training Module
What is phishing?
Phishing is when attackers attempt to trick users into doing ‘the wrong thing’ by pretending to be someone trustworthy. Phishing can be conducted via text message, social media, by phone, and, most commonly, by email.
What do they want? It varies, but usually they want you to:
-Hand over a password
-Hand over personal information or financial details
-Pay money or make a transfer
-Click on a link that leads to a malicious website
-Open an attachment that may contain malware
Red flags
See the red flags in the image. Click to zoom in.
If you suspect phishing:
1. Don’t click on any links or open attachments. Visit the website directly in your browser and login.
2. Don’t reply. If you know the sender, try to get hold of them via phone or SMS to verify.
3. If you’re unsure, please speak to your IT department.
Tactics used in phishing
Scammers use emotional tactics to get us to bypass logic.
Our brains use two ways of thinking:
– the fast, intuitive, emotional
– the slow and deliberate
While the former is great for making thousands of quick decisions, it also leaves us open to unwise ones, based on mental shortcuts and truth bias (we assume people tell the truth, the opposite would be exhausting).
This leads to fast decisions like “Hey, it looks like it’s from my bank, I’ll click”.
When phishing works the best
Another reason we fall for mass email phishing relates to <b>external events and timing</b>.
Did you just miss a call, or are you expecting an invoice from a new supplier? Then you’re much more likely to fall for a “missed call” scam or invoice fraud.
What looks like an obvious scam to your colleague, might appear authentic to you as it matches your expectations.
<b>A question dear friend:<br></b>Which of the subjects lines in the image do you think had the best click through rates?
Examples of successful phishing subject lines
As you can see, urgent fear of missing something and curiosity top the successful phishing subject lines according to Kaspersky.
More red flags
Here are a couple more things to look out for. Please read carefully.
When in doubt, never click or reply. Always visit the website directly or contact the person who emailed you via phone or other means.
