Published on December 3rd, 2019

CyberheistNews Vol 9 #49 [Heads-Up] In Just 3 Months, Google Alerted 12,000 People About Phishing Attacks by Nation-States


Perry Carpenter, KnowBe4's Chief Evangelist Strategy Officer, wrote: "As a “human security” expert, I used to take a lot of pride in my well-honed security hygiene. Yeah… that all ended back in early 2017 when I joined KnowBe4. You see, up until that time, I’d received a number of simulated phishing, attempted real phish, and I’d even run my own simulated phishing programs and done extensive research on how cybercriminals trick us into clicking.

So, there I was feeling pretty confident in my own abilities when the unthinkable happened. I clicked. And it wasn’t just a one-time thing. I clicked on three simulated phishes over a two-month timeframe. I remember the feeling that came over me when I clicked the phish and got the big “Oops” page. I couldn’t believe it. I tried to rationalize and make excuses for myself. I was embarrassed and questioned everything I thought I knew about my so-called expertise.

Let me back up for a second. Here is one critical piece of information: each of these clicking events was on my mobile device: my phone. On my laptop/desktop, I still managed to ferret out any simulated phish sent my way — I had great habits that I’d honed over nearly two decades of everyday email use. But I had to face the fact that my mobile mindset and hygiene were lacking.

In each of the three scenarios, I was in a hurry, between errands, and traveling. And, each time, the phish’s pretext felt plausible: a message about an issue with my benefits (remember I was a new employee), a missed call/voicemail notification while traveling, and a fake Google Calendar invite.





After that humbling series of wake-up calls, I decided that I needed to make some drastic changes. I realized that the nature of mobile is inherently difficult. I needed to be much slower and more intentional to check links AND I needed to create a habit for myself to never react to a link in an email on my mobile if there is an app that will allow me to perform that same action (e.g. Ring Central, Google Calendar, LinkedIn, Twitter, etc.). And also, if I’m ever in doubt about an email, I wait until I get to a desktop/laptop before making a judgement as to if the message is safe or is a threat.

This also helps to put me into a different frame of mind and removes a bit of the reactiveness/urgency. Those new habits have helped me remain “click free” ever since (over 2.5 years so far!). So, here are the simple changes I made to clean up my mobile hygiene." Continued at the KnowBe4 Blog:
https://blog..com/click-confessions-of-a-security-expert


