Why launch a frontal attack on a fortress when you can convince somebody to let you in the back door?
It's not just newbies. Even technologically sophisticated users can be snared. That's because some people just can't help themselves, says Dave Amsler, founder of Foreground Security. They see a link and they have to click it. Like KnowBe4, Foreground does pre-emptive security screening for clients, sending out fake phishing emails to a select group of employees, determining who clicked the links, and then following up with training on how to avoid becoming phish bait.
"But there was this one guy who just kept clicking the links, year after year," says Amsler. "Even after he was trained repeatedly not to open attachments or click on links. One year, when he wasn't part of the test bed, someone forwarded the bogus email to him. Naturally, he clicked on it."
The company eventually had to let him go, says Amsler. His job? Software developer.
Are you smarter than Google?
What's both fascinating and frightening to me about this story is how interconnected everything has become. One person screws up and gets duped by a bogus email, and half a planet away the New York Times goes down.
The moral here: You're not just putting yourself at risk by being naive or stupid or just curious; you could be risking the rest of us.
Remember, when Google got pwned by Chinese cyberspies in 2011, it was from a phishing attack. If it can happen to brainiacs at Google, it can happen to me or you.