Why we'll never stamp out spear phishing
As long as humans sit at computer screens, there will be infected computers. There’s just no end to people being duped into clicking links that download viruses.
A report by The Register, a U.K. publication, described how test subjects, unaware that they were guinea pigs, fell for a phishing experiment:
- subjects were sent a Facebook message or an email from an unfamiliar sender who claimed to have images from a New Year’s Eve party, and warned the recipient not to share them;
- 43.5 percent of recipients clicked the Facebook message link and one-quarter clicked the email link;
- 16 percent of the recipients who clicked on the message claimed that they knew the sender even though they did not;
- many of the recipients denied clicking on a link; of those who admitted it, most named curiosity as the reason; and
- 5 percent claimed that they thought it was safe to click a link because their browser would protect them from an attack.
There will always be a percentage of people who let curiosity override common sense and logic. For them, never, ever clicking a link in an email is an impossible feat, perhaps more difficult than quitting smoking or losing 50 pounds.
This is the difficulty that businesses have with their employees, and it's how businesses get hacked and suffer massive data breaches.
The report said, too, that rigid training of employees can backfire because valid emails might then be ignored.
There must be a way to get around this, though — perhaps a phone call to the sender for verification if the company is small. Or, at a large business, perhaps executives could just resort to the old-fashioned method of reaching out to employees. How was this done before the World Wide Web was invented?
Digital signing of emails has been suggested, but this, too, has a drawback: some employees might misinterpret signatures.
This doesn't mean that security training is all for naught. Research has proven that ongoing training with staged phishing emails makes a big difference.
Unfortunately, there will always be those people who just can’t say “no,” even to something as mundane as images from a New Year’s Eve party from a sender they’ve never heard of.