Two experienced technology reporters recently invited cyber-security specialists to attempt to "hack" them, as an experiment to see how well they could defend themselves from a simulated cyber-attack.
Worryingly, even though the reporters spotted many of the phishing emails sent to them, they were still fooled by several of them. In particular, they were susceptible to clicking on phishing emails that manipulated them by:
- generating a sense of crisis or urgency;
- appearing to be publicity/press enquiries;
- appearing to come from friends and colleagues.
Some combined a number of these tactics in one email; for example, a message from a friend warning that it looked like their Twitter account had been hacked.
The report highlights the need to be vigilant and cautious, but there are also simple steps that can be adopted to reduce your risks, such as avoiding responding to emails with emotional triggers, checking the formatting of email addresses, and not downloading anything sent by email unless you are 100% sure it is legitimate.
If you have any queries about how to reduce the risk of becoming a victim of phishing emails, please get in touch with me at firstname.lastname@example.org.
We learned the hard way that even when you expect a cyberattack it's still remarkably easy to be victimized.