Misspelled words and bad grammar are tell-tale signs of phishing. Why don’t phishers learn spelling and grammar? Can’t they afford a copy of Strunk and White?
Phishers don’t need to spell better because their poorly-written schemes still fool enough people. It’s just math for the phishers — a numbers game. If you handle IT security at your organization, don’t assume that people won’t fall for obvious phishing scams — they do. That’s why it is essential to train people — again and again.
Why do phishers waste their time with such obvious phishing scams when they can do so much better?
One possible answer: They don’t have to do better. They send out so many emails that they only need a very low percentage of people to click. And people always do. In fact, if phishing emails became more effective, phishers might get too many clicks and might not be able to process it all!
To break into an organization, all the phishers need to do is to catch just one person. They don’t need to overphish the seas. Victims are plentiful enough!
Don’t assume that people won’t fall for obvious phishing scams — they do. That’s why it is essential to train people. I am pleased to announce that TeachPrivacy now is offering a phishing simulator service. We’ve teamed up with QuickPhish to provide a platform where organizations can conduct simulated phishing exercises for their workforce. A great way to teach people not to fall for phishing emails is through direct experience. When people wrongly click, our training can follow to teach them how to improve.