If you’re wondering why you still get fake emails from your bank asking for your login details because it has “lost” them, there’s a simple reason: people are gullible.
According to recent research from Verizon, it only takes 82 seconds after a wave of phishing emails is sent before the first victim bites. This perhaps surprising conclusion from the company’s Data Breach Investigations Report mocks the common perception that most people have outsmarted phishing by now. Unfortunately, the reason emails keep arriving asking for personal payment information is because they work. After all, the fraudsters only need to get one bite to justify a whole wave of emails.
Verizon’s report looked at over 80,000 security incidents and 2,000 data breaches before reaching its conclusions. A staggering two-thirds of data breaches can be traced back to phishing attacks. Hackers may have far more sophisticated tools at their disposal, but fraudsters are often sticking to the classic scams because it’s not only easier for them, but it’s also hitting the weakest link of any system: the human part. A machine-to-machine hack has to break through the computer’s blocks, but a phisher just has to convince one person to click on an attachment that then downloads malware. Alternatively, phishing emails will include links to a dummy site that looks like the person’s bank, where they’ll be encouraged to type in their personal information.
Shockingly, the Verizon report showed that 23% of recipients open a phishing email, while 11% open the attachment. These findings show there’s still a need for education about computer fraud, especially as these statistics are not exclusive to people at their home computers, but also at work. As half of all malware is downloaded in the first hour, computer network administrators will often not realise the problem until outsiders have gained access to the corporate system.
The issue is pertinent for businesses as ransomware attacks rose by 114% last year, according to April’s Symantec Internet Security Threat Report. Although ransomware attacks represented a tiny percentage of threats the year before, 2014 saw an increase in the number of businesses targeted. Sadly, it is an efficient tactic for cyber criminals as they don’t have to conceal their identity or convince anyone their requests are legitimate. Instead, they just take control of a company’s files, and demand cash in exchange for their safe return.
Email still remains the most common point of attack, but the past year has seen an increase in the number of attacks emanating from social media. Social media scams were manually shared by 70% of users last year, according to Symantec’s report, which made them even more efficient because we’re more likely to click on a link posted by a friend.
Here are five common social media scams, according to Norton:
- Chain letters. Tweets like “Retweet this and Bill Gates will donate $5m to charity!” often contain fraud links. If it sounds too good to be true, it probably is.
- Cash grabs. If a friend emails you about having lost their wallet while abroad, make sure to check if it’s a legitimate request – fraudsters often use this trick this after hacking people’s email accounts.
- Hidden charges. If a site promises to reveal to you if you’re more Yoda than Darth Vader, but first it wants your mobile number, think again. You may find yourself signed up to a premium service. Read the small print.
- Phishing requests. If an untrusted email takes you to a login page, don’t enter your username and password. Instead, type in the web address manually in a separate window to make sure you go to the real site.
- Hidden URLs. This is a tricky one, as shortened URLs are all over Twitter as they help people stick to restrictive character counts. But these can also be used to conceal a malware page, so exercise caution.
Computers are mostly associated with cyber threats and that awareness has led to fraudsters targeting mobile devices. The crooks have found this to be an efficient route because mobile users tend to be more lax about security. Last year, Symantec found malware in 17% of all Android apps, while 36% of apps (for any operating system) were classified as so-called grayware, which don’t do anything outright malicious but do questionable things like tracking people’s behaviour and slowing down the operating system.
It might be an idea to keep in mind that the smartphone in our pockets is actually a little computer, and behave accordingly.