Don’t be fooled into thinking you won’t be a victim of a social engineering scheme. Unless you have magic (or Area1 – which is kinda the same as magic!) you probably have a phishing email in your work account right now. Here are some facts you need to know!
If you read up on social engineering yesterday, and you checked back today to learn more, you are one step closer to becoming a cyber security ninja. Here’s the article if you missed it. Basically, social engineering is manipulating people in order to get information. Fake emails trying to get you to “confirm” account info? Social engineering. Watch out for those malicious URLs! DMs from too-good-to-be-true Tinder dates asking for a background check cuz they’ve fallen for bad guys one too many times? Far-fetched, but if it happens, that’s social engineering too.
The trick is, you can avoid it all if you know where to look. Here is a list of 9 facts (source: Proofpoint) about social engineering, and suggestions on how to help you become the teacher and not the student.
- Mobile devices make up 42% of all clicks on malicious URLs. Just because something is mobile friendly, or is part of an ad on an app, does not make it legit. Don’t click unless you’re sure.
- 37% of total clicks (not just mobile) come from Android devices, only 8.5% from iPhones. That doesn’t mean you’re off the hook if you own an Apple cellphone. Still look out for phishing schemes!
- 90% of clicks on malicious URLs occur less than 24 hours after they have been delivered. A quarter of the clicks happen in the first 10 minutes. Take your time. Offers can end soon, but not that soon.
- Malicious activity peaks on business days right around lunchtime. If you are a lunchtime browser of emails or Facebook, remember that scammers are NOT taking a lunch break.
- Thursday is not just a day for throwbacks. 38% of malicious emails come in then, so watch out while you post your #tbt.
- What was the top phishing lure (bait to get you to click) of 2016? The Apple ID. In fact, it accounted for 25% of phishing lures used.
- The next most common lures? Microsoft Outlook and Google Drive. Together these accounted for almost 30%. Though not as common as the Apple ID, these were the most clicked links.
- Don’t be fooled, though. People will try to steal anything! From USAA and PayPal to LinkedIn, CapitalOne, and Adobe, phishing lures can be used to hook anyone willing to try the bait.
- Industry affects click rate. For example, in the healthcare industry, 3.4% of malicious URLs are clicked on. In the construction industry, that number is more than doubled, with a 7.2% click rate.
Phishing is a dangerous game, especially if you’re the catch. Cyber criminals are out to get you, and social engineering is only going to get harder to catch. You can watch for malicious URLs in your emails for now, but maybe one day you won’t be able to tell. Just because something looks real doesn’t mean it is. Stay safe, or better yet, become a cyber security ninja and never be a victim of phishing again!