You know not to click on links in sketchy emails

Everybody knows that. And yet, people fall for these phishing attacks all the time. Case in point: The FBI suspects a phishing email is how the Russian hackers who were indicted this week got into Yahoo. Ditto for the breach of the Democratic National Committee, and the Sony Pictures hack. In fact, there’s currently a Gmail phishing scam going around that even super savvy techies are falling for. Phishing scams work by tricking you into clicking on a link or attachment that either infects your machine with malware or takes you to a page that looks totally legit, but isn’t and is designed to steal your private information. According to the Anti-Phishing Working Group, 100,000 new phishing attacks get reported every month, and thousands of people fall for them. But you are smart. You can increase your chances of avoiding phishing scams if you follow these three steps and, above all, remember that when it comes to your email you can’t really trust anything.

“At the heart of phishing is a scam,” says Aaron Higbee, chief technology officer at the phishing research and defense company PhishMe. “The people who are sending a phishing email have to be clever email marketers to get a user to engage.” Often they do this by preying on your emotions. That’s why the most important thing experts recommend is to listen to your gut. When something feels off, it probably is. But since the whole point of phishing (and its more tailored and targeted counterpart spear phishing) is to get you to do something without raising alarm bells, you need to practice skepticism even when things seem fine. You should be generally reluctant to download attachments and click links, no matter how innocuous they seem or who appears to have sent them.

“We’re conditioned to try to help people and be nice. You don’t want to seem rude or defensive,” says Trevor Hawthorn, the chief technology officer at Wombat Security, which works on phishing and security awareness. “But one of the most important things people can do is when something is being asked of them, when there’s some sort of call to action, think about the context of what the sender is asking you to do. If there’s a sense of urgency that’s when I would be a smart skeptic and slow down.” This takes practice. Wombat has found that when people do consistent anti-phishing training—say, once a month—they are better at avoiding phishing links than when they haven’t had a lesson in a few months. Your job may not offer a phishing prevention program, but you can still work to be skeptical about all your email all the time. It’s easier said than done, but keeping that attitude in mind can only help.

Consider the source...


Source: https://www.wired.com/2017/03/phishing-scams-fool-even-technerds-heres-avoid/