Cybercriminals are regularly presented as twisted geniuses by the popular media, beavering away in dank basements constructing the latest malware to mess up critical national infrastructure or honing code to break into bank accounts and steal millions.
The truth is, of course, often somewhat less dramatic. The simple truth is that you don’t need to build a sophisticated attack to trick the typical computer users into clicking on a dangerous link or attachment. You just need to dress it up as something alluring (a naked video of Natalie Portman or a bill for an air ticket you never purchased would probably do the job, for instance)
And sometimes, you just need to ask users a question with a straight enough face. If you’re bold and brazen enough, you might just get away with it.
Take this elementary phishing attack that was seen by a Naked Security reader late last week, for instance.
Yes, there are typos and inconsistencies in the way that words are spelt in the email, and anyone who pauses to breathe before responding hopefully realises that the one thing Gmail should be able to tell is whether your email account is active or not.. All they have to do is see when you last logged in or read an email, right?
But there will be a small percentage of the public, perhaps those who are not as IT-savvy, who might worry that they will lose access to their precious Gmail account and respond without thinking.
It’s easy to say that people who fall for an elementary phishing attack like this deserve everything they get, but I find that opinion rather hard-hearted. We should all ensure that friends and family who might be vulnerable – even to unsophisticated attacks like this – are briefed about the threats and helped to avoid them.