When we hear news about this scam or that, we often wonder how someone else could’ve fallen for such an obvious hacking attempt. But in truth, email scams are not that easy to decode or identify, especially because modern email scams have become more personal, researched, and focused.
Hackers are now doing their homework on you before they decide to target you or your organization. They are scavenging the whole internet for any little detail that they can find on you. Then they’re willing to use any and all personal information that they can find in order to engineer their phishing emails. Even those experienced with cybersecurity practices are falling prey to these modern email scams.
Gone are the days when hackers would just dangle money or offers or some attractive hook in front of you and expect their email scam to work. Now they know exactly what makes you tick. They understand what you’re most likely to react to. And they tailor their phishing baits accordingly.
How our natural human tendencies are helping hackers
When it comes to the workplace, the basic human tendency to please and get praise from seniors has helped hackers craft smart phishing campaigns that have a high success rate. Without spending much effort, hackers can come up with baits like, “Hi, I am at this conference and need that report ASAP.” And there goes your confidential information in the hands of the hacker.
Apart from our professional lives, our personal lives are also under constant scrutiny. Hackers are combing through our social media activities, the posts we comment on, the type of content we engage with, and the communities we interact with online to build up our profiles, which they can use to tailor their email scams.
Multiple phishing campaigns have been uncovered which use job positions, age, social tendencies, monetary status and other emotional triggers as the central theme. And they work!
Google Safe Browsing statistics show there are now 75X more phishing sites than in the previous several years.
Reports also say 20% of all employees are prone to click on phishing baits. Of these, 68% enter their credentials on phishing sites.
When it comes to the monetary impacts of modern email scams, globally, businesses lose around 20 billion USD every year!
What can you do to protect yourself?
There are things you can do to easily prevent such targeted, modern email scams from catching you off-guard.
The first is to check the sender’s email address. If you hover over the name in the From field, you can identify the real sender email address. If there is a discrepancy, it’s a sure sign something is phishy.
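The same check done in code, as an added example that is not part of the original article: it parses the From header and reports when the displayed name disagrees with the real sender address. The address book, the finding labels and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> the address that person really uses.
KNOWN_CONTACTS = {"jane doe": "jane.doe@example.com"}

# Anything in the display name that looks like an email address.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def sender_discrepancies(raw_message, contacts=KNOWN_CONTACTS):
    """Return reasons why the From display name disagrees with the real address."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    if not address:
        return ["unparseable-from"]
    findings = []

    # The display name shows one address while the mail really comes from another.
    shown = ADDR_IN_TEXT.search(display)
    if shown and shown.group(0).lower() != address:
        findings.append("display-name-shows-other-address")

    # The display name is a person we know, but the address is not theirs.
    expected = contacts.get(" ".join(display.lower().split()))
    if expected and expected != address:
        findings.append("known-name-unknown-address")
    return findings


# Constructed sample messages (not real mail).
GENUINE = ('From: "Jane Doe" <jane.doe@example.com>\n'
           'Subject: Q3 report\n\nSee attached.\n')
SPOOFED_NAME = ('From: "Jane Doe" <jane.doe.office@mailbox.example.net>\n'
                'Subject: Need that report ASAP\n\nI am at this conference.\n')
SPOOFED_ADDR = ('From: "jane.doe@example.com" <billing@mailbox.example.net>\n'
                'Subject: Invoice\n\nPlease pay.\n')

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed name", SPOOFED_NAME),
                       ("spoofed address", SPOOFED_ADDR)]:
        print(label, sender_discrepancies(raw))
```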
The next thing is to take an objective overview of the information you are volunteering to the world, be it on fun social media channels or corporate ones like LinkedIn. What opinions are you posting that can reveal things about your personal nature? What items are you leaving in public wishlists on shopping sites like Amazon? It will shock you how the tiniest little public detail can be used against you.
Another step to take is to implement a very strong password policy. Keep passwords that are not the name of your first pet or your birthday, or something special about your personal life. For more helpful pointers, refer to our blog on password strength.
Times are tough. Our digital lives are constantly under monitoring by unseen eyes. One of the best things you can do is to automate the critical aspects of your security by partnering up with a security organization.