KnowBe4: What’s that lurking in your Inbox?

Not to be too much of a scaremonger this All Hallow’s E’en, but Evil is everywhere!

Yes, it is, and you don’t always recognise the Devil in Disguise.

Elvis Presley Devil in Disguise vinyl single

No, not that one.

Sometimes, Evil disguises itself as something familiar or trustworthy, lulls you into a false sense of security and tricks you into doing things you’ll regret – leaving the devil in control and able to let his little demons run riot in your work, your business and your life. The fallout of this most foul, egregious activity can be difficult to reverse and hard to completely destroy.

So be afraid. Be very afraid. And ask yourself this:

Can you recognise Evil when it shows itself?

Wizard of Oz man behind the curtainCurtain? What curtain? Pay no attention to that man behind the curtain!

Ok, you got me. I’m being theatrical – got led astray by that weird clown in the cupboard. Well, he did give me a balloon.

But hammy though it sounded, ’twas great wizdom I spake. There are dreadful, ghastly, loathsome beasts out there. There are probably some on their way to you now. They find you at work, at home, on your phone … wherever you go!

Would you care to hazard a guess at the foul, ubiquitous Evil whose name I shall now dare to utter?

That’s right: Spam.

Spam. Junk. Not to put too fine a point on it: Phishing.

Those unsolicited messages with duplicitous links and dangerous attachments. We all get them. A lot. And the level of sophistication and credibility increases every day.

Yeah, ok, there are still rubbish ones with ‘E-Mail from Ammazon’ in the subject line, and others casting aspersions on your moral integrity or sexual prowess. But for every ten of those, you’ll see one that really looks like it’s from DHL or your bank. Many will have your full name, email address and possibly even a password you’ve used before to persuade you to believe them. The links in them look like real links, but they don’t take you to the place you’re expecting, even if that destination has the right design and branding on it.

These sophisticated emails can be very convincing, especially to people who have less experience of emails and messaging in general. I know the older members of my family contact me frequently to ask my advice about whether a message is spam or not.

Worried manAt least, I think they’re my family members …

They all think I’m paranoid

But then, you’re only paranoid if they’re not really after you. Unfortunately, if you use email, SMS messaging, Skype and any number of other services, there are always Agents of Evil trying to get you to look, interact, and most importantly, click. And when you click and engage, you can open the floodgates. The Gates of Hell … yes, ok, you get the point.

Why not just stop the emails arriving?

Email is a technology that hasn’t changed much since it came into being over 40 years ago. It’s a little naïve, bless it, and it usually does very little verification that a message really is from the source it says it is. There are some mechanisms, such as DKIM and SPF, that have been introduced over the years to back-fill these shortcomings, but anonymity is a fundamental flaw in the technology. If it was invented today, it’d be a lot less open.

Your email probably has some level of Spam or Junk Filter, which attempts to scan the content of messages for particular phrases that are commonly used by such messages. Some even blacklist certain IP addresses. These help, but again, they’re never perfect.

Defeating the foe

So a healthy dose of paranoia with a chaser of skepticism are the weapons we can use against these diabolical fiends. And the good news is that such web-wise wariness can be taught to you and your colleagues!

Your Defence Against the Dark Arts is completed through education and habit-forming to create a Human Firewall approach. Learning to recognise when something looks suspicious, using the tools at your disposal to check details and links before you act on them or click. The Human Firewall Approach is how Security Awareness Training service KnowBe4 describes increasing peoples’ shrewdness. They do this through a continuous process of testing, analysis and training.

The best way to test someone’s susceptibility to phishing is to emulate it. So KnowBe4 designs emails and corresponding websites, just like the phishers do, but they’re just to test to see whether an individual will be taken in by the email and how far they will be led astray. Using this technique, the individual can be identified and training targeted to help them recognise and act appropriately when faced with the threat.

We think this is a great idea, and, when combined with other technologies like Malwarebytes to scan and prevent malware in emails and messages on your devices, OneSpan 2-factor authentication to make logins more secure, and Becrypt’s range of Data Protection technologies to secure your digital environment, you can make life very hard for the Devil. However impressive his disguise.

Devil cropped

Ok, this one’s a rubbish disguise

For more information about KnowBe4 Security Awareness Training or any of the technologies mentioned above, please contact us or click on them to see our detailed pages about them.