October is National Cybersecurity Awareness Month. Here at NASB, we understand the importance of creating awareness of cybersecurity risks and your actions to help protect yourself and your family.
Phishing continues to be the biggest threat, and cybercriminals take advantage of the unconscious processes that we all use to make decisions. Nearly 800,000 people fell victim to cyber-scams in 2020 (FBI Internet Crime Complaint Center), a significant increase from 2019, with billions of dollars in losses.
You wonder how could so many people be tricked by a phishing email? Blame our “lizard brains,” where criminals lure smart people by taking advantage of cognitive biases; the brains attempt to simplify information processing and be more efficient. “Cybercriminals will do anything they can to trigger the lizard brain,” says Kelly Shortridge, a senior principal at Fastly, a cloud-computing-services provider. These cognitive biases cause us to misinterpret information and make quick judgments that can be inaccurate or irrational. For example, bad actors will use things we are familiar with, such as corporate logos, or impersonate a colleague, executive, or friend to get us to quickly click a link, provide confidential information, or wire money.
When reading an email, don’t be rushed. Take the time to look at the email to ensure it is valid carefully; trigger your philosophy brain and not your lizard brain. Here are eleven red flags to look for in your emails before clicking or providing anything:
- Sense of urgency and time constraint
- Fear of losing money or winnings
- Requests to verify accounts or credit card numbers
- Communication from services you do not use
- PDF attachments from businesses
- Generic email provider
- Poor grammar and spelling
- Confirmations that lack details, such as delivery locations or travel dates
- Any emails from the IRS
- Unexpected and out of character emails from people you know
- Files or links that require you to download additional software to view them
- Unfamiliar links, or close but not quite right links
For more information regarding Cybersecurity Awareness Month, click here.
