Human beings are flawed. This is part of our charm. It is at the core of who each of us is. Unfortunately, no-one is perfect. And our creations often have flaws. It is impossible to create universal perfection. For everything we create, there are those who find ways around it. Our intentions aren’t always pure because, when we create, we often look to satisfy our own specific needs, which aren’t always necessarily the collective’s needs.
While, in the early years, we fluctuated between panic and apathy when it came to privacy and security, the digital and social technology overload has rendered us, at times, indifferent when it comes to privacy. We volunteer our lives, our thoughts, our fears, etc. through social media without much thought. There are so many platforms and digital spaces that it becomes a task to decipher and understand privacy settings, rules, etc. Even when we do, trying to keep track is near impossible.
I now have about six email addresses. Being a consumer of information with a wide area of interests, I subscribe to multiple email newsletters in addition to the multitude of emails I receive from a work, research, interest and personal perspective. I sign up to things just to see how they work or simply out of curiosity. As a result, although I try to, I am not always vigilant when it comes to jumping onto things that look interesting.
But the one thing I always do is check when in doubt. For example, when I received an email from SARS requesting my banking details for a tax refund, I checked the email address it was sent from and actually called them, because it looked dodgy. Or when I received an email from my bank requesting confirmation of my banking details. Email phishing can catch you out unless you look closer but, if you looked closely, it was relatively easy to spot the discrepancies.
IT security companies spend resources on creating the necessary security software to monitor for spam and malicious emails but, as with most things, there are those who spend their time trying to figure out how to ‘break’ security.
According to Wired’s Hacker Lexicon, the difference between phishing and spear phishing is as follows: “Spear-phishing is a more targeted form of phishing. Whereas ordinary phishing involves malicious emails sent to any random email account, spear-phishing emails are designed to appear to come from someone the recipient knows and trusts—such as a colleague, business manager or human resources department—and can include a subject line or content that is specifically tailored to the victim’s known interests or industry. For really valuable victims, attackers may study their Facebook, LinkedIn and other social networking accounts to gain intelligence about a victim and choose the names of trusted people in their circle to impersonate or a topic of interest to lure the victim and gain their trust.”
To get a clearer idea of how a spear phishing attack can happen, check Mimecast’s White Paper HERE.
IT security companies will continue to work to stay ahead of cybercriminals, but the reality is that improving what is termed the Human Firewall (basically us) is absolutely imperative. It is about ensuring that we don’t depend solely on the tech and stay clued up on how cybercriminals use human nature to lure us into clicking on malicious links. It is about understanding that they will gain our confidence organically and use that against us. And, if you think this is something that doesn’t affect South Africa….
To stay vigilant, we need to constantly upskill ourselves. Mimecast is holding a Human Firewall event on September 10th in Joburg. It’s open to the public and you can register here: REGISTER
This is to complement what they are doing with their new version of Targeted Threat Protection, which “teaches people why links are malicious when they click on them by alerting them to the URL which may look like fnb.co.za but is actually fbn.co.za, or ‘sars’ says ‘sar’, etc.”
Forewarned is forearmed. #SpearPhishing #HumanFirewall
Siyabonga