Lesson One: Don’t Click On IT!
Phishing attempts are prevalent everywhere: I’ve seen the most creative excuses for getting private information stolen. Those gems never cease to amaze me. Sometimes… ok, most of the time, I feel the thought process of our customers is something like this:
But seriously, people generally fall into the following neat categories when dealing with clicking remorse:
- The gullible: “But Thunderbird didn’t tell me that it was that fish email.”
- The apologetic: “I’m so sorry, I had no idea that this was a bad email. I don’t think I’ll be able to sleep at night knowing I’ve done your IT department wrong!”
- The defensive: “I didn’t do anything. I never give my information to anyone. Someone else must have given out my password. I’ve never had this happen, ever. Maybe my wife gave it out.”
- The sheepish: “I cannot believe I just did that.” *face to palm*
There are a few cases where I feel such empathy for users that I just want to read their email out loud for them to prevent phishing from happening. We’re very familiar with those cases: the elderly, those who face language barriers, and those who don’t use technology as obsessively as I do. I’ll even do creative email reading interpretations. That’s not really possible, so we have to take precautions.
So, how do you protect yourself from phishing, then? Don’t click on it. If it looks real and asks for your password, it’s a phishing attempt. If it says it came from the “Master IT Desk” and it needs you to “confirm” your password, it’s a phishing attempt. Just. Don’t. Click.