To stop phishing scams, you just have to realize that online criminals have a pretty good idea how we use the internet.
By sending out spam run after spam run and seeing what works, they operate like behavioral scientists. And what they discover about our behavior can be disturbing.
Check out these spam emails, which F-Secure Labs recently identified as part of a huge campaign using ZIP files to deliver GandCrab ransomware:
Not very complicated, right?
Just a subject line, a 😉 emoticon and a zip file disguised as a picture. Click on that zip attachment and you could see this:
That’s it, and it works. Spam that spreads phishing scams continues to rise after more than 30 years of causing us trouble because it’s effective and easy.
You should always be running top-notch security software to stop these threats. But there’s more you can do. Your mind is like an operating system and you need to secure it against phishing scams. Here are five things to keep in mind to stop yourself from becoming a victim.
1. Remember that you are your greatest vulnerability.
Phishing scams can’t work without your help.
A successful phishing scam generally requires at least two clicks by you—opening the email and clicking on a link or an attachment. Usually there are additional steps that seal your fate—like clicking “Enable Content” to allow ransomware to infect you or filling your private data into a scam form.
Each step is another chance to save yourself, and each step likely makes the scam less effective. But phishing emails can be sent out in massive numbers, meaning just a tiny percentage has to work in order to pay off for the criminals.
2. Train yourself to not just click on emails.
Some phishing scams are very targeted, also known as spearphishing, or they just may feel targeted because they are sent from the hacked accounts of your friends and colleagues.
Anything that enhances the believability of an email helps the scam work, so quite often scams are sent using the faked appearance of huge brands you trust and expect things from—like Amazon, your bank or FedEx.
Chances are we’re all going to be fooled, eventually. You can reduce the chances that your mistake will be too costly by teaching yourself as a rule to avoid clicking on anything in emails. Training yourself to at least question the click is a potent way to avoid becoming a victim.
3. Remember that they’re playing with your emotions.
Feeling like a winner when you see this?
You’ve just “won” an infected PDF.
“Maybe something bad has happened,” said Janne Kauhanen, host of our Cyber Sauna podcast. “Maybe something great has happened.”
Phishing scams feed on our desire for great news and our fear of bad things.
Criminals also know we’re likely to be expecting something to be shipped to us. And if we weren’t expecting something, we could be getting a gift. Yay.
Anything unexpected, good or bad, can light up our brain and encourage a bad click. Awareness that phishing scams are targeting us isn’t enough, but teaching ourselves to question the bearers of bad or good news is a smart tactic.
4. Beware urgency.
Any email that wants you to click now should trigger your personal warning siren.
A spam campaign identified by F-Secure Labs employed tax billing records, which are by definition time sensitive. Another called out a disputed claim from American Express. That seems urgent!
If they say it’s urgent, do the smart thing and don’t click. Pick up the phone and call the purported sender to see whether the message is genuine. By the time you start dialing, you may have figured it out for yourself.
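The two cues above, a ZIP attachment posing as a picture (point 2) and an urgency hook in the subject line (point 4), are simple enough that a mail gateway or a personal inbox script can flag them for a second look before anyone clicks. The following is an added example, not F-Secure code or anything from the campaign itself: the urgency word list, the sender addresses and the attachment bytes are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ZIP_MAGIC = b"PK\x03\x04"            # local-file header every ZIP archive starts with
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
# Illustrative urgency cues (assumed list, not taken from any real campaign).
URGENCY = re.compile(r"\b(urgent|immediately|now|disputed|overdue|suspended)\b", re.I)


def triage(raw: bytes) -> list[str]:
    """Return human-readable findings for one raw message; an empty list means no cue hit."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", ""))
    if URGENCY.search(subject):
        findings.append(f"urgency cue in subject: {subject!r}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # An image-looking name (photo.jpg, photo.jpg.zip) or an image/* content type
        # sitting on top of ZIP bytes is the "picture" disguise described in the post.
        looks_image = name.endswith(IMAGE_EXTS) or any(e + "." in name for e in IMAGE_EXTS)
        declared_image = part.get_content_type().startswith("image/")
        if data.startswith(ZIP_MAGIC) and (looks_image or declared_image):
            findings.append(f"ZIP archive disguised as picture: {name or '<unnamed>'}")
    return findings


def build_sample(subject: str, filename: str, content_type: str = "image/jpeg") -> bytes:
    """Construct a test message with a harmless stub 'ZIP' (sample data, not real malware)."""
    maintype, subtype = content_type.split("/")
    m = EmailMessage()
    m["From"] = "friend@example.invalid"     # constructed sender
    m["To"] = "you@example.invalid"
    m["Subject"] = subject
    m.set_content(";)")                     # the lure body is just an emoticon
    m.add_attachment(ZIP_MAGIC + b"\x00" * 26, maintype=maintype, subtype=subtype, filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, fn in [("Your photo ;)", "photo.jpg.zip"), ("Disputed claim - act now", "invoice.zip")]:
        print(fn, "->", triage(build_sample(subj, fn)))
```

Checking the first bytes of the attachment rather than trusting its name or declared content type is the point: the disguise lives entirely in the metadata, and the ZIP header does not.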
5. Test yourself.
Again, awareness isn’t enough. We need to practice this, every day. In a sense we are, every time we open our inbox. But we should also practice where the stakes aren’t so high and the scams aren’t easy to detect.
Check out this phishing test from Google.