Google put out a fascinating white paper on phishing attacks. No, it has nothing to do with a great jam band. If a title like "Handcrafted Fraud and Extortion: Manual Account Hijacking In The Wild" doesn’t get your attention, you’re not curious enough! It’s an interesting study on how online accounts are hijacked, usually leading to financial losses, stolen identities, and lots of other bad stuff.
The short version is that it’s basically social engineering – no fancy software involved. Taking advantage of people’s good natures, thieves mislead the recipients of their emails into giving up details such as account login credentials or bank card information. Yes, there may be fake web pages involved (you DO know how to spot a fake, malformed URL, right?) but most of how these thieves get in relies on ignorance, laziness, or both.
What can you do about this? Google recommends that you report suspicious-looking messages and that you type in URLs to visit websites directly when you log in, rather than clicking through a link in your email program. As it turns out, there is also a pretty effective method for combating phishing attacks called 2-step authentication. Most platforms – Google, Facebook, Twitter, and others – offer it and you should activate it for your accounts. It means you’ll get a code texted to you which you must input to log in. Does it add 15 seconds to a login? Yes, but it makes it extremely difficult for someone to hack your account unless they steal your phone too. As the study shows, device theft is not at all a prevalent issue for hacking and this method has allowed Google to stop 99% of hijackings in the last few years.
It’s a good business lesson too. We should spend more time thinking about systems that will prevent issues. I suspect many of us think a lot about backups to repair damage but not enough about how to prevent it in the first place. It may not be technology or software we need. As with phishing, a bit of training and a heightened awareness of potential threats to the business can prevent a lot of fixing later on.