We all know that phishing emails are fake emails that we need to identify before they cause harm. Cybercriminals often send them disguised as known senders to persuade us to take actions we would otherwise dismiss, such as giving out passwords, sending money, or running dangerous programs. Rick Wash believes trusting our instincts is the answer to identifying phishing emails. For the record, Rick is an associate professor of information science and cybersecurity at Michigan State University.
The Research by Rick Offers an Insightful Perspective
According to the research conducted by Rick, cybersecurity experts, like most people, also assumed at first that phishing emails were authentic. Initially, they took everything in the email message at face value. As they read, however, the experts began to notice small things that appeared unnatural. For instance, a professional email contained typos, or an email from a busy executive contained no typos at all. They also noticed a bank providing account details in an email message and someone unexpectedly emailing them without using the person first.
But picking up the signs mentioned above is not, by itself, enough to identify phishing emails. The experts would also become uncomfortable with the email message. They would become suspicious after seeing something in the email that reminded them of phishing, such as a link that the email lured them to click. For them, that is something rife in phishing emails.
Consequently, the reminder, coupled with the uncomfortable feeling, led them to realize that phishing might explain the strange things they had noticed. Only after that did they become suspicious and begin investigating to identify the truth behind the email.
The Challenge for Ordinary People
It is not the weird things in an email alone that tell people they are dealing with phishing. Naturally, we all tend to get emails that are a bit off. It may be because somebody is in a hurry, or maybe because someone is feeling blue. The challenge is to remember that phishing exists and, more importantly, to recognize that the strange things you see in an email might indicate phishing. Otherwise, we risk dismissing the weirdness of phishing emails as an everyday phenomenon.
After interviewing many regular people, Rick also found that stories about phishing matter. He claims that the people who could notice phishing emails had heard about specific phishing incidents in the past. Thus, people familiar with specific phishing incidents are more likely to remember phishing in general. They can recognize phishing as the explanation for the weird things in an email.
The research uncovered that people are skillful at the initial two steps: noticing weird things in the email message and becoming uncomfortable. But note that rather than examining technical details, most people either communicated with the sender or reached out to others for help. In any case, they could still recognize whether the email was a phishing attack.
Phishing email scams come in all shapes and sizes, and cybercriminals design them cleverly to exploit the emotional reactions and natural tendencies of victims. So how do you identify phishing emails? Common sense or your instincts can go a long way.