Learn more about the kind of email phishing headlines that end up fooling the smartest tech professionals, and how you can better protect your business.
Any tech professional worth their salt understands the damage wrought by unsuspecting users clicking on links inside “phishing” emails. It’s not surprising when tech-challenged individuals end up getting sucked in by today’s social engineering attempts. However, some of the headlines used by hackers manage to fool a lot of experienced IT pros.
Emails aren’t the only place where tech professionals show their vulnerability. Messaging portals in spaces like Facebook and LinkedIn have become prime targets for scammers, especially as traditional email providers step up their protections. In fact, the two platforms had the highest phishing success rates when they were named in an email subject line, at 28% and 55%, respectively.
How Do Experienced Tech Professionals End Up Getting Fooled?
It’s hard to imagine how the people charged with keeping company systems safe end up ensnared in these schemes. Security-minded individuals become so comfortable in their knowledge of suspicious emails and technology in general that it makes them less careful. They’re prone to quickly scanning and clicking emails and messages without absorbing the information. It’s already too late by the time they realize their error in judgment.
What Makes a Phishing Headline Successful?
Phishing email subject lines that include words like “Request,” “Follow-Up,” and “Urgent/Important” tend to have a higher click rate, especially if they appear to come from a colleague or high-level executive. Victims often feel compelled to respond quickly out of fear of not delivering on job expectations. They also worry about costing the company money by failing to follow through on requests related to finance and payments.
The manipulation of that social element can have the same effect on tech workers. They’re more likely to respond quickly to a request that seems to come from a company vice-president. No one wants to be the person preventing them from getting back to company business.
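As an added illustration (not code from the original article), this Python sketch checks constructed sample messages for the two signals described above: pressure words in the subject and an executive's name on an outside address. The domain `example.com`, the executive names and the `triage` function are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for illustration: the company's mail domain and executive names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"dana reyes", "sam whitfield"}
# Pressure words the article lists as raising click rates.
PRESSURE = re.compile(r"\b(request|follow[\s-]?up|urgent|important)\b", re.I)

# Constructed sample messages (not real mail). The first subject is RFC 2047 encoded.
SAMPLES = {
    "exec_lookalike": 'From: "Dana Reyes" <dana.reyes@example.net>\n'
                      "Subject: =?utf-8?q?Urgent=3A_payment_request?=\n\nbody\n",
    "vendor": "From: Billing <billing@vendor.example>\n"
              "Subject: Important: invoice follow up\n\nbody\n",
    "colleague": "From: Sam Whitfield <sam.whitfield@example.com>\n"
                 "Subject: Follow-up on Q3 budget\n\nbody\n",
}


def triage(raw_message: str) -> dict:
    """Score one message on subject pressure words and sender identity."""
    # policy.default decodes encoded-word headers, so obfuscated subjects still match.
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    display, address = parseaddr(str(msg.get("From", "")))
    # Assumes SPF/DKIM/DMARC were checked upstream; a bare From header can be forged.
    external = address.rpartition("@")[2].lower() != COMPANY_DOMAIN
    words = sorted({w.lower() for w in PRESSURE.findall(subject)})
    # An executive's name on an outside address is display-name impersonation.
    exec_name = " ".join(display.lower().split()) in EXECUTIVES
    if external and exec_name and words:
        verdict = "hold"
    elif external and (exec_name or words):
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "words": words, "external": external}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The internal message passes only because its sender domain matches; without upstream sender authentication that match proves nothing.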
Let’s look at some of the headlines used to fool regular users and IT professionals.
- Requests for password changes
- Deactivation of Microsoft Office email service
- Setting up employee raises for HR
- Document sharing using a secure server
- Lack of internet service due to scheduled server maintenance
- Address needed for FedEx delivery
- Locked company Twitter account
- Complete steps for Google service
- Error with Coinbase
- Closed company bank account
How Can Businesses Upgrade Their Current Phishing Protections?
There’s no one step a business can take to prevent someone from falling for a phishing scam. It pays to use a multi-pronged approach to blocking and dealing with suspicious emails and websites targeting company workers.
Tools like spam filters, mock phishing practice scenarios, and web filters to block malicious websites should be a priority. It also pays to encrypt sensitive company information, making it harder for employees to share the data with anyone. That goes double for telecommuters who must log into company systems remotely from different devices.
Businesses should launch company-wide security initiatives and enforce them consistently. Make sure IT employees understand that their expertise doesn’t leave them immune to these types of attacks.