Phishing is probably one of the most common and well-known attack methods today. Google is reportedly blocking 18 million coronavirus scam emails every day and registered a record 2 million phishing websites in 2020. Even though phishing attacks are constantly evolving, becoming technologically sophisticated and more prevalent, the following trio of basic laws lies at the heart of an attacker's strategy.
Imitate, Motivate and Act
Imitation is the impersonation of a trusted source. A phishing message will always strive to look like it originates from a trusted organization or individual. Most cybercriminals try hard to make their messages look legitimate and convincing, using the same fonts and copying colors, logos and branding to fool people.

Motivation is the social engineering part of the phishing attack. Scammers tailor messages for one single reason — to motivate people to take action such as a click, reply, download or tweet. They exploit human instincts by crafting phishing messages that get victims upset, curious, infuriated or anxious. Such messages play on a victim's emotions, provoking a response.

Act is the final step or the invisible hook that is lurking in a phishing attack. This could be a form that a user can fill out, a click on a social media post or instant message, or simply a visit to a site that could cause a drive-by download. Upon a successful click or download, the victim might be stuck with some kind of malware or backdoor Trojan that can evade detection for a long time.

Even a carefully crafted, well-polished phishing attack exudes telltale signs indicating the email is neither legitimate nor trustworthy. The above slideshow highlights six common signs to watch for. The best way to avoid phishing is by looking out for these tell-tale signs and steering clear of clicking on any attachments, links in emails, tweets, Facebook pages, and the like.

Vigilance is not an inherent but an acquired trait, and it only comes through routine practice and experience. One of the most effective ways of acquiring this muscle memory is through ongoing simulated phishing exercises that train staff on newer, evolving techniques, creating a mindset of what they should be looking out for.

Stu Sjouwerman is founder and CEO of KnowBe4, developer of security awareness training and simulated phishing platforms, with over 35,000 customers and more than 25 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. Stu is the author of four books, his latest being "Cyberheist: The Biggest Financial Threat Facing American Businesses." He can be reached at [email protected]. The opinions expressed here are the author's own.