One of the keys to thwarting social engineering attacks is knowing what makes us want to click on links or respond to emails, according to cybersecurity expert Raef Meeuwisse. In an article for Infosecurity Magazine, Meeuwisse explained that no one is immune to being scammed, and different types of scams target different sets of people.
Some scams, such as Nigerian prince schemes, are designed to target people who don’t know any better. The vast majority of people will ignore an email if it even mentions Nigerian royalty, but the scammers aren’t going after these people; they only want to fool the fraction of people who are gullible enough to actually send them money.
“There is no shying away from the fact that some scams and phishing items are constructed specifically to filter out people that may be resistant to the next step in a scam,” Meeuwisse says. “Email messages with typos, websites that are not built quite right – these are not always unintentional. Sometimes they are an effective way of ensuring that only the most susceptible potential victims progress to the next stage.”
Other scammers go to great lengths to make their attacks as convincing as possible, and many of these scams have very few visible signs that could tip off recipients. Meeuwisse says people shouldn’t assume they’ll be able to spot every scam attempt, because this mindset only helps the scammers.
“The hardest truth is that no matter how good any of us are at detecting and defeating scams, there is always a way through,” he says. “The trick (from the scammers’ perspective) is to make the scam at least as convincing (if not more so) than the legitimate actions or transactions we make every day.”
Meeuwisse adds that there are measures we can take to defeat scammers. For example, we should be on the lookout for offers that seem too good to be true and urgent-sounding emails that prompt us to take action. Knowing the techniques scammers use to push us to do what they want can drastically improve our chances of identifying social engineering attacks.
“Can I defeat every scam?” he writes. “No. Not at first, anyway. Many of the scams I get to see are so good they look more convincing than things that are not scams. However, what we can all do is to help ensure that the probability of a scam being successful is minimized and that the few scams that find some way in can never get quite as far as they hoped to.”
Meeuwisse concludes that the best way to fight scammers is through a combination of employee training, security technology, and protocols. New-school security awareness training is an essential layer of defense that can help minimize your organization’s attack surface.
Infosecurity Magazine has the story: https://www.infosecurity-magazine.com/blogs/click-here-falls-scams/