It seems we haven’t learnt our lessons when it comes to email… the temptation is still too great and we’re still opening those suspicious emails! According to Halon and TNS Global, which conducted a survey about email security on Halon’s behalf, 30% of participants admitted that they would open that email, even though they knew it was suspicious or contained a virus!
Admittedly the recent study only included 1,000 participants, not huge, but certainly an indication of what is obviously still a security problem for many organisations. Of the participants surveyed, 1 in 11 said that they had opened a suspicious email and/or attachment and infected the system, and the rise in social networking has only made the problem worse!
The Anti-Phishing Working Group’s (APWG) 2013 First Quarter report stated they had discovered over 74,000 unique phishing campaigns in the reporting period, which were targeting in excess of 1,100 brands and using 110,000 hijacked domains. Quite staggering numbers and when tallied with a 30% success rate, the criminals that run these campaigns are getting quite a return on their investment!
The majority of suspicious emails come from social media sites (15.2%), banking corporations (15.9%) and online payment providers (12.8%), such as PayPal. But what are some of the reasons for continuing to open these messages? Well, from a woman’s point of view, the survey noted an invitation to join a social network as being the most irresistible. From a man’s point of view, it was a combination of three tempting offers – power, sex and money!
It is quite obvious that security’s weakest link is people and human nature, and as fast as software comes up with the latest solution to prevent phishing attacks, the attackers stay ahead of it. So, how do you prevent a phishing attack? Well, according to David Kennedy, creator of the Social Engineer Toolkit and TrustedSec founder, it’s a combination of raising awareness, education, technical user controls and handling processes. He said: “The problem is that no piece of technology can fix this alone. Our daily lives revolve around opening up emails at a rapid response rate, clicking just this one or that one has no relevance anymore and to take a few extra seconds to review the email isn’t part of our daily tasks.”
Tie this in with a ‘liked’ activity, such as social networking, or a personal issue, such as our health, then the likelihood that the email will be opened is that much greater; attackers have hit our weak spots, we’ve reacted and compromised our security… It’s basic psychology. That said, we’re all human and we make mistakes sometimes, but if we can all take a few extra seconds to review an email before clicking, surely that is better than having to spend hundreds of pounds rectifying a security breach?