Exercise Computer Common Sense and Avoid Phishing Scams Once and For All

If someone were to come up to you on the street and ask you where you live or what bank you use, it’s safe to say you would immediately be suspicious and not give out that information. We understand very clearly we should not give out personal information to total strangers. For unknown reasons however, the average person will suspend all doubt when asked about giving away personal information on their computer or mobile device. Unfortunately, most unsuspecting people unwittingly give out compromising data on their own computer systems without much of a fight. That said, if you take the right precautions, you can learn to avoid phishing scams and other data leaks once and for all.

The act of social engineering has been around since the dawn of Ask Jeeves and Oregon Trail. However, according to the 2015 Verizon BDIR Report, phishing scams have been on the rise since 2011. These campaigns typically involve social engineers convincing a user they need to take action on something immediately, which leads to account takeovers and fraudulent transactions. In fact, it turns out that one of the easiest ways to break into any computer system is for the social engineer to ask people to grant them access, or ask them personal questions that end up giving the social engineer all the information they need to gain access. Employees routinely give out information about their companies, visit unknown websites, and download malicious software under excuses from parties that call them on the phone.

DEFCON, a Las Vegas conference that discusses the current state of computer security, holds a session that proves just how easy it is to trick an unsuspecting user. The session, Social Engineering Capture the Flag, places contestants in a sound proof room with only a phone and phone numbers of major corporations. The task? Obtain specific pieces of information, called flags, from private sector companies. The purpose? To demonstrate how much potentially damaging information can be freely obtained either through online sources or via telephone. Many of those users called put an alarming amount of trust in these unidentified callers – the contestants. If you were to watch, you would have witnessed major financial and medical organizations give up passwords, system details and even download software that comprised their company’s system within two minutes of getting on the phone.

So how do we stop this? It is imperative that individuals are taught and retaught to suspend their disbelief when it comes to sharing critical information with others. Managers must make a point to warn their employees that when speaking to callers on the phone about their computers, they should approach it with the same level of caution they would a stranger confronting them about personal information on the street. Employees need to know that they are to never click on an e-mail from someone they do not know and never visit a website that they are unfamiliar with. Before an employee offers any sort of information about their device, it is imperative that they refer the caller to someone that is authorized and scheduled to service that computer.

By teaching employees to exercise their computer common sense they can begin to stop the trend of phishing, protect themselves and their companies. If you treat information about, and associated with, your computer, as you would your personal banking information and only give it out to verified trusted sources, the majority of phishing and social engineering scams can be avoided all together.

Share this blog