It’s Cybersecurity Awareness Month, and this week’s theme is an alliterative reminder: Fight the Phish!
Unfortunately, anti-phishing advice often seems to fall on deaf ears, because phishing is an old cybercrime trick, and lots of people seem to think it’s what computer scientists or mathematical analysts call a solved game.
Tic-tac-toe (noughts and crosses outside North America), for example, is a solved game, because it’s easy to create a list of every possible play, and figure out the best possible move from every game position on the list. (If neither player makes a mistake then the game will always be a draw.)
Even games that are enormously more complex, such as checkers (draughts), have been “solved” in this way…
…and in comparison to playing checkers, spotting phishing scams feels like an easy contest that the recipient of the message should always win.
And if phishing is a “solved game”, surely it’s not worth worrying about anymore?
Simply put, the phishing “game” only has two moves: the scammers always play first, trying to trick you, and you always get to play second, after they’ve sent out their fake message.
There’s little or no time limit for your move; you can ask for as much help as you like; you’ve probably got years of experience playing this game already; the crooks often make really silly mistakes that are easy to spot…
…and if you aren’t sure, you can simply ignore the message that the crooks just sent, which means you win anyway!
How hard can it be to beat the criminals every time?
Of course, as with many things in life, the moment you take it for granted that you will win every time is often the very same moment that you stop being careful, and that’s when accidents happen.
Don’t forget that phishing scammers get to try over and over again.
They can use email attachments one day, dodgy web links the next, rogue SMSes the day after that, and if none of those work, they can send you fraudulent messages on social networks.
The crooks can try threatening you with closing your account, warning you of an invoice you need to pay, flattering you with false praise, offering you a new job, or announcing that you’ve won a fake prize.
They may pretend to be your ISP today, they may masquerade as Apple iTunes tomorrow, and yesterday they might have said they were a courier company trying to deliver your latest online order.
In contrast, you only have to make one mistake for the crooks to win.
You might be tired, or in a hurry, or simply get caught up in an unlucky coincidence where the subject of a phishing message happens to match up with something you just did online.
Phishing isn’t a “solved game” after all, and phishing scams are still the main way that crooks get their first toe over the threshold in cyber incidents such as ransomware attacks.
If you need any help with your IT security or suspect your system is compromised, don’t hesitate to contact us at JohnCruzIT.