Why Humans are the Weak Link in the Phishing Chain

Gaining access to someone’s email account is like gaining a back door into their entire digital life.

Think about it; your inbox is where you receive password reset notifications, supplier invoices, confidential communication, and personal data. If a hacker manages to tap into your inbox, they can cause havoc.

Fortunately, we live in a world that features some incredible technology designed to keep hackers away from our digital lives. But we also live in a world full of humans, and they’re usually the weak link in the phishing chain.

Here’s why.

  1. We receive a lot of email

By the end of 2019, there are expected to be 2.9 billion email users world-wide.

The same research from which that colossal figure emerged also reveals that 269 billion emails were sent every day back in 2017.

So, we receive a lot of email.

So much, in fact, that it’s becoming increasingly hard to spot dodgy messages. Equally, when faced with a huge inbox full of unread messages, few people are going to have the time and energy to put their cybersecurity hats on and be as diligent as they should be.

We’re all too busy for that, right?

  1. People are, on the whole, trusting

Human beings are, generally, a nice bunch. There are of course some exceptions to that rule, but most people will trust others, even in this world of high-profile data breaches and cybercrime.

If an email arrives from a source which looks genuine and refers to something you’re aware of (a supplier invoice, for instance), is it really your fault if you accept it at face value and click the ‘Pay Now’ button?

  1. Phishing techniques are becoming more sophisticated – and believable

There was a time when phishing emails were easy to spot. Poor spelling, bad grammar, and pixelated versions of official logos would be enough of a giveaway for most people to consign such messages to the bin (if the spam filter didn’t get there first).

Now, hackers are getting more skilled and more cunning. Grammatical issues are becoming less common, more official looking graphics are used, and the following techniques are becoming more commonplace:

  • registration of similar domain names (for instance, ‘abccompany.com’ versus ‘abccommpany.com’)
  • hacking of supplier email accounts
  • fake, precisely timed follow-up emails
  • forged PDFs

The above techniques are more difficult to spot and are even capable of fooling technology – they demand a good working, up-to-date knowledge of cyber threats.

  1. We click ‘next’ without thinking

There are lots of ‘next’ boxes in modern life. Think about it: how often have you clicked ‘next’ several times while undertaking a digital task you’re used to?

Such tasks become overly familiar and, consequently, people trust them. But, what if a hacker intercepts one of those ‘next’ steps and places a trap into which you can inadvertently fall and end up handing over important data?

  1. “It’ll never happen to me”

Cybercrime always happens to someone else, doesn’t it?

Only, that isn’t quite the case. Figures released by the UK Office for National Statistics revealed there were an estimated 4.5 million cybercrimes committed in the year ending March 2018.

Most of us are hit with a phishing attack every week (if not every day). It’s just that our spam filters do a great job at preventing most of them from entering the inbox.

But what if one slips through? What if one or a combination of the increasingly sophisticated cybercrime techniques noted above are used? Can you be sure you won’t be fooled?

The answer?

You won’t change human nature. Your staff will always be susceptible to the smartest, cruellest phishing scams. They’re nice people and nice people can sometimes be fooled.

That doesn’t make them any less proficient at their jobs or you a failure as their manager – it just means you all need some assistance with becoming more cyber-aware, and that’s where the team at Compex IT comes in.

We can help you to prevent a huge amount of hassle and expense.

Get in touch to find out how we can help your business.