The rate of cybercrimes has risen drastically across the globe in recent times. The advanced technology, the sophistication of attack methods used, and seemingly legitimate appearance of today’s phishing emails are a testimony of the strides of advancement that the phishers and cybercriminals have made in the past decade.
However, the advice for securing ourselves from phishing emails seems to have remained stagnant since the 2000s. One would always hear the same old song playing on when the topic at hand is that of phishing protection or ensuring cybersecurity in general. We need to defend ourselves from cyber threats by gathering information and resources that match the level of advancement of our adversaries. Merely following some age-old tips without cross-checking their effectiveness in the present scenario makes us more vulnerable than stronger to face the multitude of phishing attacks that hackers launch each day.
What Are These Obsolete Phishing Protection Advice?
Just like the stories of grandma that we pass from one generation to another, we continue to propagate specific phishing protection advice even today, in spite of their near-absolute ineffectiveness in the present era. Some of these old pieces of information are:
- Look Out For Typos/Grammatical Errors: We often come across this phishing protection advice that tells us to be cautious readers and scrutinize emails that look dubious. We are advised to watch out for grammatical errors, silly spelling mistakes, generic greetings, a false sense of urgency created by the adversary, etc., among other advice about which we hear and read.
- Hover Over A Link To Look At The URL: Another information that we frequently hear and tell others is that one must hover the mouse over a link that is attached in the mail to look at the URL. According to this phishing protection tactic, doing this helps one to see whether the email and the related website have any connection at all or it is just some fraud attempting to direct us to a fake website.
Though useful in their time, these bits of advice have now become obsolete. Hackers and cyber adversaries who design these frauds methods are also reading the same information and learning from them. Once they learn that their targets are watching out for specific characteristics in their practices, they only have to change that particular feature to continue fooling those people. The information merely gives out a notion that common sense and vigilance alone can protect one from the ever-increasing and hard-to-trace phishing emails, which is far from the truth and can leave us even more vulnerable.
Why Are These Phishing Protection Advice No Longer Effective?
The simple reason these measures are no longer adequate or sufficient to guard the individuals and organizations against phishing emails is that the attackers have, based on the very same advice, evolved their methods of attacking the information systems and victimize their target users. Their credibly constructed emails, free of their past errors and identifiable features, make four out of every 100 people give out their username and passwords, personal, and financial details to these adversaries.
- Intentional Errors: Adversaries make some typos and spelling errors intentionally to smartly evade the strict check that anti-phishing software put them through. Attackers use these techniques because clever misspellings help avoid basic spam filters. They plan their spelling mistakes well so that they go unnoticed by the human eye and thus help them give shape to their malicious intents.
- Grammatical Errors – No More A Concern: Because of the existence of grammar correction apps and tools such as Grammarly, Fiverr, Hemingway Editor, etc., even attackers with poor grammar and proofreading skills manage to send out relatively error-free emails that arouse barely any suspicion from receivers. Also, the availability of cheap writing services in Fiverr and other such platforms, where native English speakers are eager to write, edit, or proofread any document for a small amount of money, makes things all the more convenient for cybercriminals.
- Domain Variants Blur Genuineness: The phishing protection advice that hovering over a link can help locate whether an email is genuine is no longer as effective because of the existence of domain variants. Many organizations these days have a plethora of domain variants of their brands which are but confusing. Adversaries use this practice to their benefit because people often do not understand whether an option is the actual, legitimate site created by the organization or a fake one created by an attacker. Besides, some businesses fail to maintain a record of their registered domain names, allowing hackers to buy such and build phishing websites on these business names.
- Poor User-Interface Designs: Poor user-interface design in email clients stop users from successfully hovering over a link to check its authenticity. Another testimony of the poor user-interface design is that many smartphone email clients display only the name of the sender and not the email address. Probably done to save space, as screen real estate on smart devices is precious, this design is a deadly one that is exploited thoroughly by adversaries. The hackers’ method here is termed as ‘Display Name Spoofing’ and is a more straightforward and more effective method of deceiving phishing victims.
What To Do Instead For Phishing Protection?
- Nip the disease right at its root and prevent phishing emails from reaching the user’s mailbox by using professional anti-phishing technologies and tools.
- Phishing protection services designed specifically for the protection of organizations from phishing threats can inspect incoming emails for typical wording and text semantics, invalid digital signatures, and poor sender reputation – all of which often go unnoticed.
- Organizations can block employees from accessing malicious websites via web proxies and DNS-based blocking to protect them as well as the organization. These precautions are usually enough for protection from the direct attacks of adversaries on the employees.
The ever-growing sophistication in attack methods and advancement of technology used by cybercriminals mean that protection of your documents in the cyberspace is becoming more challenging. Besides, though protecting your information assets is not just limited to physical storage devices, you still have to protect the systems and appliances that organizations use to access them online and offline.
A false sense of security can do severe harm when it comes to protecting your database, applications, and other information systems from criminals. Keep yourself and your employees updated on the latest tools and techniques that cybercriminals employ and don’t make the mistake of relying on obsolete advice. Remember that you are not the only one who learns from the information. Update and upgrade your knowledge and methods of phishing protection to stay safe online.