Do you Know How to Spot a Scammer?
Do you know how to spot a malicious email or know if someone is trying to trick you into giving information on a phone call? If you are technical and been around the block a bit, you are confidently saying yes right now. You are also thinking that your end users need some help in this regard. You are partially right. Your end users do need some help. Since I do a lot of phishing tests both internally and externally, I feel pretty confident saying that you or others on your technical team need some help too.
For some reason, technical people like to click things. Amex receipts for $50,000 on a Ferrari or lost FedEx packages, it really doesn’t matter, you will click it. I get more technical people than almost anyone else. It’s like the people that drive fast in the snow when they have four-wheel drive. They trust that they are safe, but end up in the ditch just the same.
No matter who you are, you need to pay attention and stop and think before you click any link. Do I normally get Amex emails to my work account? Would the court send me a traffic violation to my work email?
A good phishing email makes you worried that you are in trouble. Court violations, angry invoice emails, etc all encourage you to click the link because you want to stop the stress and get moving on fixing the situation. Take a few steps and hover your mouse over the link before clicking. Where does it go? Does it take you to americanexpress.com or does it take you to annericanexpress.com? Pay particular attention to the way things are spelled. When you are in a stressful situation you’re a more prone to making rash decisions. Take a second to review what is happening. An extra minute or two normally will not make a difference to the client, but it can make all the difference for you and your online security.