Phishing is by far one of the most common forms of cyber-attacks. Even with the increased security locking out most malicious emails, it is simply too easy for someone to make a mistake and open a suspicious message. Knowing how criminals utilize phishing can help prevent breaches, especially when one keeps in mind the five major factors that go into a phishing scheme: timing, emotional status of the target, tone of the language used in the email, social media exposure and state of mind.
First, timing is a major problem for cybersecurity. When people think that cybersecurity is solely the responsibility of IT, they are more likely to fall victim to phishing during specific times of the year. Hackers take advantage of people who are more sensitive to seasonal messages, such as tax related messages during March and April. As for the emotional status of the target, phishers often target people who are especially stressed, either through social media or by assuming that someone in the office is in a negative mental state. For the tone of emails, they often use ‘clickbait’ titles to create emotional responses or urgency, creating a desire to click to see the rest of the information. On the social media front, phishers will typically do research on employees who overshare on social media to craft tailored emails that will get clicks. And state of mind refers to the fact that when people are exhausted or stressed, they are more likely to click on a suspicious email. The biggest threat that companies face today is the prioritization of technical security, as employees tend to be the weakest link in cybersecurity, with the best way to improve security being to train employees to be constantly vigilant.