by Daniel J. Solove
Although we are seeing increasingly sophisticated attempts at phishing, it appears that many phishers still haven’t been able to get their hands on a program with spell check. Why are we still seeing the $10 million lottery-winning emails? Or the long-lost relative of yours living in Fiji who is leaving you $4 million?
A recent article explains that for the phishers, it is all a numbers game:
“So, if 97 per cent of phishing attempts are unsuccessful, why is it such a large issue? Because there are 156 million phishing emails sent worldwide daily. . . . Of the 156 million phishing emails sent daily, 16 million get through filters. Another eight million are opened by recipients. 800,000 click on the link provided, and 80,000 provide the information requested.”
And there you have it! This numbers game works for reproduction and natural selection, so why not phishing too?
Just hope that one of the 80,000 isn’t an employee at your organization! You can guess my answer for how to prevent this from happening — phishing training! The solution to the phishing equation is simple: The more you train, the less the pain.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.