I sometimes like to take a little bit of time if I see an obvious phishing email in my mailbox. You recognize them immediately: they ask you to click on links if you want to collect some money, and of course, you have won a brand-new iPad2 simply because they like you.
Raise your hands… who knows the most common tricks of phishing mails?
And now, how many of you know how to recognize them?
All of you? Good. I am happy I have a smart audience here.
Now, I am the last one who claims that everyone should know every trick there is to know about recognizing basic fraudulent emails, but come on, some are so obvious. Hence the smirk on my face reading some of them this morning. First of all, our business has been sued by a client through the Better Business Bureau and I need to ‘click here’ to read this complaint. Oh, and very nice, a person out of Phoenix, Arizona asking me if ‘click here’ is the item on Craigslist I have for sale, so that she knows we are talking about the same thing. Oh, and the IRS contacted me to say that I can get an extra tax deduction over last year that I can cash in right now if I ‘click here’.
And each of those ‘click here’s can just as well be replaced by an ‘open this Word document: document.doc.exe’.
But you know, it is nothing special. Heck, I talked about it many more times. And usually I would say that these mal-practitioners are just lacking any creativity and are too lazy to come up with something good. But yesterday I was so confronted with reality that I honestly had to admit: they don’t have to be more creative, since there are legions of people out there willing to click on anything. And not just ‘a couple’, no, I mean the majority.
A girl I work with called me over yesterday to ask whether I too had received emails about the bouncing transactions in our company account. I had no clue what she was talking about, so I asked her to show me the email. I walked over, and she opened the mail again and immediately started clicking on the link that was posted. And if I ever had a dumb look on my face (no comments please), this was it.
…….. KUNK ……..
Not only did she not wonder why she received an email about our financial account, but she also did not even think about why a European bank would ask for the account of our US-based firm. Nor about the fact that the link had the printed name of yet another bank, and that the URL itself, when hovering over it, was a bit.ly URL.
Oh, and last but not least, the English was even worse than my own as an immigrant European.
But it is not only this person; more and more people are simply ignorant of the danger. It is not the end of the world, but come on, just like how you should be aware of dangers while driving a car, using fireworks or handling machinery, people should at least be aware of the basics. But I have to face reality here… it is simply not true.
And taking precautions only slows the usability and experience down. And most people either don’t want it or don’t want to be involved. Worse, a lot of people gladly pay companies like LifeLock tons of money to prevent things like identity theft, but have no clue that this kind of behavior just blocks any effectiveness.
Should we then really have some kind of ‘Certified Web User’ certificate that is required before buying a computer??? Well, maybe we should. Sigh… I don’t have a solution. Maybe we should have an operating system recognizing how a user behaves online, and sets the security appropriately. If you click more on these dangerous links, your firewall becomes more strict. Just as long as the user shows in their behavior they’ve learned.
But if you do that, we again move toward more of a ‘Big Brother’.
Look, I wouldn’t care if it would only hurt the person showing this kind of behavior. In that case, too bad for you, but it is your problem. But if these people click those links, open those documents, within a company network, there is a lot more at stake. And sure, a company should be able to set rules and training for their people, but come on, you might expect some level of intelligence?!
Oy…. I need more coffee.