It’s the second week of Cybersecurity Awareness Month 2021, and this week’s theme is an alliterative reminder: Fight Phish!
Unfortunately, it seems that anti-phishing tips often fall on deaf ears because phishing is an old cybercrime trick, and many people seem to think that it is what computer scientists or mathematical analysts call a solved game.
Tic-tac-toe (noughts and crosses outside of North America), for example, is a solved game because it’s easy to create a list of all possible games and figure out the best possible move from each game position on the list. (If neither player makes a mistake, the game will always be a draw.)
Even games that are enormously more complex have been “solved” in this way, e.g. checkers (draughts) …
… and compared with playing checkers, spotting phishing scams feels like an easy contest that the recipient of the message ought always to win.
And if phishing is a “solved game”, then surely it isn’t worth worrying about?
How hard can it be?
In short, the phishing “game” has only two features: the scammers always play first, trying to trick you, and you always get to play second, after they have sent their fake message.
There is little or no time limit for your move; you can ask for as much help as you want; you probably already have many years of experience playing this game; villains often make really silly mistakes that are easy to spot …
… and if you’re not sure, you can simply ignore the message the villains just sent, which means you win anyway!
How hard can it be to beat the criminals every time?
Of course, as with many other things in life, the moment you take it for granted that you will win every time is often the same moment you stop being careful, and that is when accidents happen.
Don’t forget that phishing scammers get to try over and over again.
They can use email attachments one day, risky web links the next, junk text messages the day after that, and if none of these work, they can send you fraudulent messages on a social network.
The villains can try to threaten you with closing your account, alert you to an invoice you have to pay, flatter you with false praise, offer you a new job or announce that you have won a fake prize.
They may be pretending to be your ISP today, they may masquerade as Apple iTunes tomorrow, and yesterday they could have said they were a courier company trying to deliver your latest online order.
By contrast, you only have to make one mistake for the crooks to win.
You may be tired or in a hurry or simply get caught up in an unfortunate coincidence where the subject of a phishing message happens to match something you just did online.
After all, phishing is not a “solved game”, and phishing scams are still the main way that crooks get their first toe over the threshold in cyber incidents such as ransomware attacks.
To stay ahead of the phishing crooks, both at work and at home, start by reading up on our Top ten phishing scams.
We list the email subjects that catch out the most people when they are trained using the Sophos Phish Threat toolkit, and it is often the friendliest messages that lure in the most people.
(If you’re wondering, one of the best phishing lures in our test was also one of the simplest: “The headlights are on. Is it your car?”)
You should also read our article Phishing tricks that really work and how to avoid them, which gives you useful insight into the psychological tricks that scammers use.
Learn how to get your anti-phishing act together at work with our explainer Gone phishing: Email security in the workplace in five steps.
And learn about the many different ways phishing crooks can customize their game in our technical analysis titled Serious security: Phishing without links – when phishers bring their own web pages.
Keep in mind, when it comes to unexpected messages that would have you hand over information you think you should keep to yourself: IF IN DOUBT, DO NOT GIVE IT OUT!
DEFENSE AGAINST RANSOMWARE: WHAT WORKED (AND WHAT DIDN’T DO IT)
Finally, here’s an easy-to-follow video that you can also share with your friends and family to help them stay ahead of the phishing villains: