You are just as good as a cybersecurity expert at seeing phishing email


An employee of MacEwan University in 2022 received an email from someone claiming to be a construction contractor asking to change the account number where nearly $12 million in payments had been sent. One week later the contractor himself called to ask when the payment would arrive. The email about changing the account number was fake. Instead of going to the contractor, the payments were sent to criminally controlled accounts.

Emails that try to get people to do things they don't normally do, such as send money, run dangerous programs or give out passwords, are called phishing emails. Cybersecurity experts often blame the recipients of such messages for not being aware that the emails are fraudulent.

As a cybersecurity researcher, I found that most people are good at almost every skill that computer security experts use to detect fake emails in their inboxes. Making up the difference comes down to listening to your instincts.


    How the experts do it

    In earlier research, I found that when cybersecurity experts received a phishing email message, they, like most people, accepted that the email was genuine. At first they took everything in the email at face value. They tried to find out what the email was asking them to do, and how it related to things in their lives.

    As they read, they noticed little things that were off, or different from what would normally appear in similar emails. They noticed things like typos in a professional email, or the lack of typos from a busy agency. They noticed things like a bank providing account information in an email message instead of the usual notification that the person had a message waiting for them in the bank's secure messaging system. They also noticed things like someone sending them an email without first mentioning it in person.


    But being aware of these signs is not enough to detect that an email is a scam. Instead, the experts just became uncomfortable with the email message. It wasn't until they saw something in the message that reminded them of phishing that they became suspicious. They would see anomalies such as a link that the email was trying to get them to click. In my mind, these are mostly related to phishing emails.

    Coupled with the uncomfortable feeling about the email message, this reminder inspired the experts to recognize that phishing could explain the strange things they noticed. They became suspicious of the message and investigated whether it was fraudulent.

    Math instincts

    If that's what experts do, what do regular people do? When I interviewed people with no computer security knowledge, I found a similar process. Most people noticed things that seemed out of place, becoming uncomfortable with the email, remembering about phishing and checking.

    My research found that people are good at the first two steps: noticing things in the email that seem strange, and becoming uncomfortable. Almost everyone I spoke to noticed a number of problems when they saw a fake email, and they told me about feeling uncomfortable with the message.
