The term “fake news” has spread like wildfire lately, especially since the recent election. It might seem harmless, but these fake news stories frequently go viral, spreading misinformation to millions of people. It is usually easy to spot fake news if you look at the source, but there are so many people who don’t know how to identify credible sources, and they may believe most of what they read.
Email phishing is a similar online scam, and it can go hand in hand with fake news. At my corporate job, our IT department is almost always sending out alerts and information on how to spot phishing emails, yet someone always ends up clicking the dreaded links. More and more companies are putting their employees through Security Awareness Training, to try and avoid phishing scam issues in the future. Michael Levin from The Center for Information Security Awareness (CFISA) was kind enough to answer some questions on this training, and why it is smart to take this preventative measure.
How has fake news impacted the public in this day and age?
The term “fake news” has now become a frequent topic in the daily news due to allegations in the political arena. However, claims of fake news have been around for at least half a century, notably rising in prominence in tabloids.
As consumers of news, we expect that the author has conducted appropriate fact checking and proper multiple verification of sources prior to releasing the article. We expect that the news we read will provide information in a format that is objective, accurate, truthful, impartial and fair.
But unfortunately, this is NOT always the case, and we should become smarter consumers of this information. Fake news stories online can be used to attract unsuspecting users to spread malware, fraudulent schemes, or even more sinister purposes such as political propaganda.
Why do websites put out fake news in the first place when it would be so simple to discredit them by providing factual news?
The motivation of a fake news article could be any of the following:
- Sell more newspapers or magazines
- Political propaganda to promote opposition agenda
- Advertising clicks or spam
- Fraud including phishing scams
- Spreading of malicious code and viruses
Consumers are having more and more difficulty recognizing the fake news articles and sites because they look so convincing. Often, the fake news sites have misleading URLs that look almost legitimate but are counterfeit. Official-looking “blog articles” could appear to be news articles when they are really just the author’s opinion.
How does your Security Awareness Training help people identify what is fake and real news?
Cybercrime is the fastest growing crime in the world and every day businesses are being attacked in new ways. Many of the same principles and best practices taught in security awareness training are very relevant to help us in determining fake news articles that come to us in various ways on the Internet.
Training employees to look at the URL and consider the source is a start. There are various ways to verify the content of news articles and determine the motivation of the website or author. The safest approach in dealing with all news articles is to verify the story independently prior to clicking on the links. It just takes a few seconds to open a browser window and conduct a search on the headline to verify.
The CFISA security awareness training helps to reduce the risk and serves to remind employees of security best practices. Ongoing training will keep employees thinking about security on a regular basis, which will help to reduce business and personal risk.
How is email phishing similar to fake news?
The motivation and purpose of a phishing email and a fake news article could be the same. Both are popular with cyber criminals as an easy way to trick someone into clicking on a malicious link or attachment. In both cases the information appears to be legitimate and reputable and is designed to trick the victim.
Both phishing email messages and some fake news articles will spoof URLs and email addresses that send the victim to a fraudulent website. They often provide real-looking URLs that can be close to the legitimate site or spoofed.
In what ways do email phishing scams try to harm an individual, or steal information?
Phishing scams come at us in many ways. Right now, one of the biggest cyber security risks to all businesses and to our personal devices and computers is “ransomware”. Ransomware is a form of malware that basically locks down the victim user’s system and files until a ransom is paid.
This type of malware usually can come via a phishing email and has a link or attachment payload. Ransomware can also be downloaded when visiting malicious or compromised websites as in the case of some fraudulent fake news sites.
Does email phishing commonly threaten the security of large companies? How so?
Phishing is clearly the number one risk to the data security of large companies. When large businesses fall victim to phishing scams, this causes catastrophic damage to brand and reputation. When customer information is stolen in a phishing attack, customer confidence in the business is lost.
Employees are the first line of defense to prevent phishing attacks and can be targeted every day. Security awareness training is a cost-effective way to reduce risk and keep employees aware, engaged and involved.
How does Security Awareness Training help protect both an individual and a company from phishing scams?
The CFISA security awareness training stresses the importance of slowing down when handling email and conducting research before we randomly click on email links and attachments. Email messages from names you recognize pose the biggest risk. This means we sometimes should independently verify an email prior to clicking on links or attachments. We should utilize the same best practices when reviewing the validity of news articles.
When new scams are launched, ongoing alerts and training help employees to protect their workplace and families. The CFISA security awareness training is relevant to both work and home security best practices. Our training also helps employees to understand the reason behind day-to-day policies and procedures that are relevant to all organizations.
How does the Security Awareness Training save a company time and headaches in the long run?
Recent studies have shown that approximately 75% of security related incidents are caused by employee conduct. Ultimately, you cannot make employees accountable for security policies if you don’t educate them. Without employee participation and “buy in”, security plans will fail.
New software and hardware solutions will not protect your organization if your employees are clicking on every email, link and attachment they get! With ongoing security awareness training, companies can educate employees to the daily risk and help to create a better sense of community at work. Employees should be provided with the information they need to also protect their personal information and families.
Where can someone find more information on the Security Awareness Training?
The CFISA security awareness training course provides online computer based training that will effectively educate employees to reduce risk. All training includes important work and home security best practices.
CFISA also offers in-person onsite security awareness training that is a proven way to directly connect with your employees. Our training will ensure that valuable, relevant and current information is presented to involve employee participation and confidence in your company security program and best practices.
More information can be found on our website: https://www.cfisa.org/
Center for Information Security Awareness