Learn more about the kinds of phishing email subject lines that end up fooling even the smartest tech professionals, and how you can better protect your business.
Any tech professional worth their salt understands the damage wrought by unsuspecting users clicking on links inside “phishing” emails. It’s not surprising when tech-challenged individuals end up getting sucked in by today’s social engineering attempts. However, some of the subject lines used by hackers manage to fool a lot of experienced IT pros.
Emails aren’t the only place where tech professionals show their vulnerability. Messaging portals in spaces like Facebook and LinkedIn have become prime targets for scammers, especially as traditional email providers step up their protections. In fact, phishing emails that included either platform's name in the subject line had the highest success rates, at 28 percent for Facebook and 55 percent for LinkedIn.
It’s hard to imagine how the people charged with keeping company systems safe end up ensnared in these schemes. Security-minded individuals become so comfortable in their knowledge of suspicious emails and technology in general that it makes them less careful. They’re prone to quickly scanning and clicking emails and messages without absorbing the information. It’s already too late by the time they realize their error in judgment.
Phishing email subject lines that include words like “Request,” “Follow-Up,” and “Urgent/Important” tend to have a higher click rate, especially if the message seems to come from a colleague or high-level executive. Victims often feel compelled to respond quickly out of fear of not delivering on job expectations. They also worry about costing the company money by failing to follow through on requests related to finance and payments.
The manipulation of that social element can have the same effect on tech workers. They’re more likely to respond quickly to a request that seems to come from a company vice-president. No one wants to be the person preventing them from getting back to company business.
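The pattern described above (pressure words in the subject line, a sender who appears to be an executive, a subject that names Facebook or LinkedIn) can be turned into a simple triage score for a mail filter. The following is an added example, not part of the original article; the company domain, the executive name, the brand sender allow-list and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical values for this example; replace with your own directory data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes"}  # display names an attacker might impersonate
BRAND_DOMAINS = {"facebook": ("facebook.com", "facebookmail.com"),
                 "linkedin": ("linkedin.com",)}  # assumed sender allow-list
PRESSURE = re.compile(r"\b(request|follow[- ]?up|urgent|important)\b", re.I)

def domain_of(header_value):
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def is_under(domain, parents):
    """True only for an exact match or a real subdomain, not a lookalike."""
    return any(domain == p or domain.endswith("." + p) for p in parents)

def score_message(raw):
    """Return (score, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)  # decodes RFC 2047 subjects
    subject = str(msg.get("Subject", ""))
    display = parseaddr(str(msg.get("From", "")))[0].strip().lower()
    sender, reply_to = domain_of(msg.get("From", "")), domain_of(msg.get("Reply-To", ""))
    reasons = []
    if PRESSURE.search(subject):
        reasons.append("pressure word in subject")
    if display in EXECUTIVES and not is_under(sender, (COMPANY_DOMAIN,)):
        reasons.append("executive display name from external domain")
    for brand, domains in BRAND_DOMAINS.items():
        if brand in subject.lower() and not is_under(sender, domains):
            reasons.append(f"{brand} in subject but sender is not {brand}")
    if reply_to and reply_to != sender:
        reasons.append("Reply-To domain differs from From domain")
    return len(reasons), reasons

# Constructed sample messages (not real mail).
SAMPLES = {
    "spoofed_exec": "From: Dana Reyes <dana.reyes@mail-example.net>\n"
                    "Subject: =?utf-8?q?Urgent=3A_payment_request?=\n\nToday please.\n",
    "internal": "From: Dana Reyes <dana.reyes@example.com>\n"
                "Subject: Lunch on Friday\n\nNoon?\n",
    "fake_brand": "From: LinkedIn <notify@linkedin-alerts.example.net>\n"
                  "Reply-To: help@collect.example.org\n"
                  "Subject: You appeared in 5 searches on LinkedIn\n\nSee who.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, score_message(raw))
```

A score like this is best used to add a warning banner or route a message for review, since a legitimate internal email can also contain a word such as “Request.”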
Let’s look at some of the subject lines used to fool regular users and IT professionals.
There’s no one step a business can take to prevent someone from falling for a phishing scam. It pays to use a multi-pronged approach to blocking and dealing with suspicious emails and websites targeting company workers.
Tools like spam filters, mock phishing practice scenarios, and web filters to block malicious websites should be a priority. It also pays to encrypt sensitive company information, making it harder for employees to share the data with anyone. That goes double for telecommuters who must log into company systems remotely from different devices.
Businesses should launch company-wide security initiatives and enforce them consistently. Make sure IT employees understand that their knowledge doesn’t leave them immune to these types of attacks.