Don’t talk to strangers

This childhood phase is something our parents ingrained in us and in turn we preached the same to our younger siblings, nieces and nephews or children.  Between my mother’s warning remarks and one too many watched episodes of Law and Order I always have my guard up if a stranger starts a random conversation with me on the subway. However, if a stranger approaches me via social media such as a friend request, a follow or a connect on LinkedIn I am much less hesitant. I will most often connect with a person over social media if we have a common connection or interest.

Why is it that? Psychology! We tend to overestimate risk we can’t control. Social Media and the internet feels to be in my control, I can un-friend or un-follow someone but a stranger conversation on the subway feels more confining. When person approaches me on the subway platform I get nervous because my learned behavior triggers a flight response – I don’t know the person, something seems off and my instinct is to walk away as to avoid being robbed (lets’ say). A stranger on the internet seems less threatening because they are not physically in front of me. In reality it is easier for a hacker to open up my computer and steal from me than it is for the robber on the subway.

Would you let a stranger into your house? Of course not.  But often, without knowing, we welcome hackers into our computers. The internet gives them the facade of security and control but if we don’t keep our guard up the internet can be a place where hackers prey on a sense of security. This usually happens through phishing. We get an email that looks legitimate, click on a link in the email and enter information without even knowing the email is a phishing attack.

The Anti-Phishing working group recently issued a report based on a web vulnerability survey. The findings from this survey are a bit alarming – most companies that have been compromised by a phishing attack are unaware their website has been compromised.  For example you get an email from what appears to be your bank with a link to the new and improved online banking website. You click on the link and sign into what appears to be your online banking.  You enter your information without knowing it is a scam. You never get a notice from you bank describing an attack so you never think to change your passwords and a week later $1000 is missing from your checking account and there is a charge for a flight to Fiji. Ok this story may sound dramatic but it is a real risk. Phishing attacks are on the rise but people are unaware that these attacks are happening to their companies. We need to start paying attention to what is happening in our inbox and our company. An ounce of prevention  can go a long way.

This entry was posted in Spear Phishing. Bookmark the permalink.

Comments are closed.