Cybersecurity Bootcamp: How to Protect Yourself Against Devious Phishing Schemes
By George Finney, Instructor of the ProThink Learning Course Cybersecurity Habits Every Employee Should Master
While the signs of phishing seem simple enough to recognize, often the fast-paced, high-pressure environments in which we work make us all too susceptible to becoming the phish at the end of a hacker’s line. That’s why it is increasingly important for you to learn how to be more vigilant against threats, and here’s how you can do it.
The Phishing Tells
Phishing is a type of email message that attempts to trick you into clicking on a link and give away your password or go to a website that will install malware on your computer. The common signs that a message you receive is a phishing scheme include:
· Subtle misspellings of domain names:
o Gooogle
o Amazoon
· False sense of urgency:
o Please find enclosed vendor banking instructions for a payment that was supposed to go out in the previous week. I need you to process it immediately.
· Obvious grammatical and spelling mistakes:
o We detected something unusual to use an application to sign in to your Windows Computer.
· Attached links that don’t go to the intended location:
o When you hover your mouse over a link that reveals http://interweb-biling09.com/membershipkey/ instead of https://www.netflix.com/
As you can see, several of these tells depend on the recognition of small details. Therefore, if you’re quickly skimming through emails or your workplace requires near-immediate responses to all emails, you could easily fail to recognize these signs, especially as hackers get more advanced and meticulous.
Train Yourself to be Phishing Impervious
When we undergo training to recognize phishing, we are taught to look for certain red flags. But knowing what those red flags are and spotting them are two different things. What’s missing is active engagement in looking for those red flags. When someone’s mind is engaged in a different activity, like reading the content of a message or thinking about a response, their ability to successfully identify a red flag is significantly diminished.
Here are some effective strategies you can use to help stay vigilant against phishing schemes.
Slow Down and Frown
While smiling is wonderful in many situations because it relaxes you and makes you feel safe, it does not enhance your vigilance. On the contrary, research has found that frowning sends a signal to the brain, indicating that the environment has become emotionally or physically unsafe and individuals should exhibit increased vigilance.
With this in mind, the next time you read through your emails, practice the slow-down-and-frown technique: keep a frown on your face as you focus on scanning emails for threats. Utilizing this technique will naturally boost your vigilance level while limiting your focus to the activity of scanning for threats.
Reduce Distractions
As much as we like to do it, human beings are bad at multi-tasking.
Separate the tasks of reading email and responding to email. By focusing solely on reading, you will boost your skepticism, better prioritize your work, and eliminate informational messages, all while helping to reduce distractions.
Don’t Create a False Sense of Urgency
Environments that saturate normal tasks with an unnecessary need for immediacy make themselves vulnerable to cybersecurity attacks. If pressure is placed on employees to respond to emails immediately and to deliver requested materials to the CEO without question, these employees will abandon all vigilance and respond immediately without working through their normal vetting process for sharing sensitive information.
Strategize Your Schedule
The timing of when you do something is more important than people think. Researchers have found that cognitive ability does not remain constant throughout the course of a day, with the difference in performance between the best and worst part of the day being equivalent to consuming the legal limit of alcohol and time of day accounting for 20 percent of the variance in students’ testing performance. The time of day that results in the worst performance: the middle of the afternoon.
And phishers know this. Hackers are more likely to send phishing messages in the late afternoon because they realize that users are at their most vulnerable due to tiredness, distraction, stress, or a number of other factors.
Knowing that your vulnerability to phishing and social engineering increases in the afternoon can help you be prepared and more vigilant. Try adjusting your schedule to prioritize analytic activities, such as checking your email, for the mornings and more creative activities, such as meetings or presentations, for the afternoon.
Meditate
Cybersecurity presents threats that our brains have not evolved to combat. For centuries, survival, whether it be on the battlefield or face-to-face with a large predator, depended on quick reactions. Hundredths of a second could mean life or death. But in cybersecurity, you can take as long as you need to read an email or decide to click on a link. Rather than relying on quick processes of the threat center of the brain, good cybersecurity practices instead require better concentration, attention, and awareness.
Meditation is a practice that can help develop all of these elements. A study conducted by the University of Pittsburgh and Carnegie Mellon University found that mindfulness meditation increased the brain’s prefrontal cortex, the area of the brain associated with higher-level functions like awareness, concentration, and decision-making. Practice meditation regularly to help strengthen all areas of the brain that play a role in vigilance and prevent you from being a phishing victim.
Vigilance is Key
Vigilance is the state of mind necessary for keeping watch so that when you see something, you can be ready to recognize it and act. Being aware of the common tells of a phishing message is often not enough to protect a person from hackers’ schemes. Instead, it requires applying attention to detail and skepticism toward a task, which can be accomplished with the preceding activities.
