Most of us believe we can spot a scam a mile away. Of course if that were true, scammers would have to find day jobs. But a recent study sheds light on just how easy it is to be a scammer… and how that’s not changing anytime soon.
Ars Technica reported “a study by researchers at a university in Germany found that about half of the subjects in a recent experiment clicked on links from strangers in e-mails and Facebook messages—even though most of them claimed to be aware of the risks.”
According to researcher Dr. Zinaida Benenson: “The overall results surprised us, as 78 percent of participants stated in the questionnaire that they were aware of the risks of unknown links… And only 20 percent from the first study and 16 percent from the second study said that they had clicked on the link.”
But in fact, of those claiming they were security savvy, “we found that 45 and 25 percent respectively had clicked on the links,” Dr Benenson said.
Unfortunately, these results aren’t a fluke.
Last year, CBS News partnered with Intel Security to conduct a similar test of their readers. The results were not encouraging: “Of the 19,458 people who took the quiz, the vast majority — 80 percent — fell for at least one of the fake phishing emails they saw. Only 3 percent got a perfect score.”
Evidently, these are good days to be an internet scammer.
This could help explain why, despite enormous amounts of time and money spent on educating employees and consumers, cybercrime is still immensely profitable.
CNBC reported recently that “crimes in cyberspace will cost the global economy $445 billion in 2016 — more than the market cap of Microsoft ($411 billion), Facebook ($314 billion) or ExxonMobil ($332 billion) — according to an estimate from the World Economic Forum’s 2016 Global Risks Report.”
That $445 billion is still small potatoes though… Forbes projects it will hit $2 trillion by 2019.
But why?
According to the German study “for those who admitted to clicking on the link, the majority said they did so out of curiosity.”
Most commenters on the Ars Technica piece agreed… clicking on a phishing link is just too tempting for people:
“Three of my users click on literally every phishing link. We know. We see it in the logs. Not sure if stupid, malicious, or apathetic. Or maybe they are trying to break their computer because they are lazy and would like a paid break while we issue them with a new computer?”
“Guilty. I click on them most of the time. I’m both morbidly curious and very confident — perhaps foolishly so — in my malware-squashing measures.”
Evidently, for most of us it’s just too tempting to see what will happen.
So consider this your friendly reminder: Cybercriminals are counting on your curiosity.
They might get you eventually, but you should still remain aware of what sort of emails to avoid entirely. Read on to see a quick and dirty tutorial about preventing these kinds of attacks…
The big picture idea: if you have the slightest doubt, don’t click it!
10 Tips to Prevent Phishing Attacks
As you know, phishing is a technique that tricks the user into thinking they are on a trusted site in order to steal confidential information, passwords, etc.
So far the hackers have used emails to launch this type of attack, but with the widespread use of social media networks and smartphones with internet access, the types of attack are multiplying.
These emails include a link that takes the user to what looks like a known, trusted website but is a mere imitation with zero confidentiality.
Thus, overconfident users who do not have adequate antivirus protection could fall victim to attacks that aim to steal personal data.
And because of the economic crisis which is unfortunately affecting several countries, phishing attacks are attracting people with the promise of a great job or an easy way to get money.
The question is … How can we prevent this type of phishing attack?
1. Learn to Identify Suspected Phishing Emails
There are some qualities that identify an attack through an email:
- They duplicate the image of a real company.
- They copy the name of a company or an actual employee of the company.
- They include sites that are visually similar to a real business.
- They promote gifts, or threaten the loss of an existing account.
2. Check the Source of Information From Incoming Mail
Your bank will never ask you to send your passwords or personal information by mail. Never respond to these questions, and if you have the slightest doubt, call your bank directly for clarification.
3. Never Go to Your Bank’s Website by Clicking on Links Included in Emails
Do not click on hyperlinks or links attached in the email, as it might direct you to a fraudulent website.
Type the URL directly into your browser or use bookmarks / favorites if you want to go faster.
4. Enhance the Security of Your Computer
Common sense and good judgement are as vital as keeping your computer protected with a good antivirus to block this type of attack.
In addition, you should always have the most recent update on your operating system and web browsers.
5. Enter Your Sensitive Data in Secure Websites Only
For a site to be ‘safe’, its address must begin with ‘https://’ and your browser should show an icon of a closed lock.
6. Periodically Check Your Accounts
It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.
7. Phishing Doesn’t Only Pertain to Online Banking
Most phishing attacks are against banks, but attackers can also impersonate any popular website, such as eBay, Facebook, PayPal, etc., to steal personal data.
8. Phishing Knows All Languages
Phishing knows no boundaries, and can reach you in any language. In general, phishing messages are poorly written or translated, so this may be another indicator that something is wrong.
If you never go to the Spanish website of your bank, why should your statements now be in this language?
9. If You Have the Slightest Doubt, Do Not Risk It
The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
Delete these emails and call your bank to clarify any doubts.
10. Check Back Frequently to Read About the Evolution of Malware
If you want to keep up to date with the latest malware attacks, recommendations or advice to avoid any danger on the net, etc., you can always read our blog or follow us on Twitter and Facebook. Happy to answer any questions you may have!
P.S: This was originally published at Panda Security