There is one thing that is for sure in the Cyber world today: the attackers are getting more and more clever in what they do. In fact, the phony websites and Phishing-based emails look so real now that it is almost impossible to tell what is real and what is not. Even to the Cyber experts, this can be a problem, as even they can be duped into becoming a victim as well. So now, what do they do to tell the difference?

Here are some clues that even the experts use to make sure that they think twice before clicking on that email or visiting a questionable website:
1) Taking the time to breathe:
There is no doubt that all of us, in today’s society, get tons of emails every day in our inbox. Heck, even I do. Most of them are from other Cyber vendors, and a lot of them are just newsletters or some other piece of content, such as alerting people about the latest threats that are out there. In fact, it has gotten so bad that not only do I mark most of them as Spam, but even some legitimate emails go into my Spam folder as well. So I have to comb through that as well, wasting more time. What I am trying to get at here is that there are times you might be expecting a real email from somebody that you actually know. But instead, by coincidence (and I do mean that), you get an email from a Cyberattacker. This psychological phenomenon is also known as the “Confirmation Bias”. Technically, it can be defined as follows:

“The tendency to process information by looking for, or interpreting, information that is consistent with one's existing beliefs.”

(SOURCE: https://www.darkreading.com/risk/scams-security-pros-almost-fell-for)

Let me illustrate this with an example. A few years ago, during the holidays, I had made a purchase using my PayPal account. About 5 minutes later, I got an email from PayPal saying that the transaction did not go through. Of course, I was quite alarmed, and I clicked on the link to respond without checking it first. When I logged in, I realized that I was at a phony site. I logged out immediately, and called PayPal. They said that they never sent such an Email. So I quickly changed my password. To this day, I don’t even know how it happened. Somehow, Cyberattackers are aware of your behavior, and when you do make a legitimate purchase at a reputable Ecommerce store like Amazon, they send you a Phishing Email a few minutes later stating that something is wrong with your account. Because of this sense of urgency, you respond. The moral of the story here is this: Even if you are expecting an Email from somebody you know, always contact them to make sure that they sent it.
2) Submission to authority:
From the moment that we are born, we are always taught to obey our elders, especially those that are in a position of authority. This is of course a good trait to have as we evolve into adulthood, but this is yet another area that Cyberattackers use to make unsuspecting victims fall prey. In fact, disguising oneself as this kind of figure falls into the realm of what is known as “Social Engineering”. This is where the Cyberattacker uses techniques to particularly prey upon our most vulnerable emotions and feelings. I can even relate to this from a long time ago. I was not in Cyber back then, but rather, I was a creative writer. But back then, Smishing still existed. Long story short, I got a phony call from somebody stating that they were from the IRS. They had made claims about a tax return that was in error from a few years ago. Being much more naïve back then, I fell for it. They had made further claims that I owed $3,000.00 in back taxes, and that I had to make payment with my credit card. I immediately hung up. They kept calling back, and eventually I answered the phone. The guy on the other end (who claimed he was from the IRS) even yelled at me to make payment. Again, I started to fall prey to this, and almost gave my credit card information. Something inside me made me hang up, and I did. Eventually they stopped calling. I called the Secret Service, and they said that the whole thing was a scam. Luckily, they never got my credit card number. This can also happen in the physical world. There are even stories of people who dress up as cops and even somehow can get the flashing lights installed onto their cars. They then pull somebody over, and use that as a technique to cause even much graver harm to their victim, much more so than a stolen credit card number. Again, the moral of the story here is that if you ever get a call, or a Phishing email, or anything like that, or even something suspicious in the snail mail, never respond quickly to it. Take your time, go through it, and try to confirm its legitimacy, if any. If you have any doubts, always contact the sender. On that point, Cyberattackers have even resorted to using the USPS as a means for reaching out and luring victims into their cross hairs.
My Thoughts On This:
As you can see here, the common thread is invoking that particular sense of urgency. And this is what the Cyber pros use when trying to detect a fake site, a phony call, or a Phishing email. So keep one thing in mind: there is always time. A legitimate and true organization will always give you some sort of time period to respond in, which will be reasonable to you.

So if you get anything with a sense of urgency attached to it, first, take your time and breathe. Read and reread your Email, snail mail letter, etc. over and over again. Try to find any clues as to whether it is a fake or not. Look for things like spelling mistakes, capitalization, misuse of grammar, etc. Any doubts? Call the sender before you do anything!!! And remember, always trust your gut. If something does not feel right, delete it, or just throw it away.
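The clues above (manufactured urgency, and a sender or link that does not actually belong to the brand the message claims to be from, as in the PayPal story) can be turned into a simple triage check that a mail gateway or a help desk could run before anyone clicks. The following is an added example written for this post, not the author's own tooling; the two sample messages, the urgency phrase list and the brand-to-domain table are all constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample messages (not real mail). The first imitates the
# "your PayPal transaction did not go through" lure described in the post.
SAMPLE_PHISH = """\
From: PayPal Support <alerts@paypa1-secure-login.example>
To: victim@example.org
Subject: URGENT: your transaction did not go through

Your recent payment failed. Act immediately or your account will be
suspended within 24 hours. Log in here: http://paypal.com.account-verify.example/login
"""

SAMPLE_LEGIT = """\
From: Newsletter <news@vendor.example>
To: reader@example.org
Subject: Monthly threat roundup

This month's newsletter is available at https://vendor.example/newsletter/march
No action is required.
"""

# Urgency wording the post tells readers to slow down on (assumed list).
URGENCY_PHRASES = ("urgent", "immediately", "act now", "within 24 hours",
                   "suspended", "verify your account")

# Brand names and the domain that legitimate mail and links for them use
# (assumed table; a real deployment would maintain a much larger one).
KNOWN_BRANDS = {"paypal": "paypal.com", "amazon": "amazon.com"}


def registrable_domain(host):
    """Last two labels of a hostname, e.g. 'a.b.example.com' -> 'example.com'.
    Toy rule: it ignores multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(msg):
    """Domain part of the From: address, or '' if there is none."""
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    return m.group(1).lower() if m else ""


def extract_urls(text):
    """Every http(s) URL in the body text."""
    return re.findall(r"https?://[^\s<>\"']+", text)


def score_message(raw):
    """Return a count of red flags plus a human-readable list of them."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = "\n".join([msg.get("From", ""), msg.get("Subject", ""), body]).lower()
    findings = []

    # Clue 1 from the post: manufactured urgency.
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # Clue 2: the mail invokes a brand, but neither the sender nor the links
    # actually sit under that brand's real domain.
    from_dom = registrable_domain(sender_domain(msg))
    for brand, real_dom in KNOWN_BRANDS.items():
        if brand not in text:
            continue
        if from_dom != real_dom:
            findings.append(f"claims {brand} but sender domain is {from_dom}")
        for url in extract_urls(body):
            host = urlparse(url).hostname or ""
            if registrable_domain(host) != real_dom:
                findings.append(f"claims {brand} but link points to {host}")

    return {"score": len(findings), "findings": findings}


if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = score_message(raw)
        print(name, result["score"], *result["findings"], sep="\n  ")
```

Run as-is, the constructed phish scores three findings (urgency wording, a look-alike sender domain, and a link whose real host is not paypal.com even though it starts with "paypal.com."), while the newsletter scores zero. The point of the link check is the one the post's PayPal story makes: the displayed or leading part of a URL proves nothing, only the registrable domain does.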
Also keep in mind that with the emergence of AI now coming into the world, it will be even more difficult to tell what is real and what is not. This is especially true of ChatGPT, the latest AI craze. But that will be a topic for a future blog.