You should feel cranky about all the phishing emails you get. Because getting your brain in a grumpy gear will elevate the odds of your not getting fooled by the next phony invitation to log into your account. At a briefing Wednesday evening at the Black Hat security conference in Las Vegas, Google security researcher Elie Bursztein and University of Florida security professor Daniela Oliveira shared that and other insights about the business of coaxing people into giving up their usernames and passwords. The first thing to know about phishing: It’s not as random and sloppy as it might seem. Said Bursztein: “Phishers have constantly refined.” The roughly 100 million phishing emails Google blocks every day fall into three main categories: highly targeted but low-volume spear phishing aimed at distinct individuals, “boutique phishing” that targets only a few dozen people, and automated bulk phishing directed at thousands or hundreds of thousands of people. Those categories differ in duration. Google typically sees boutique campaigns wrap up in seven minutes, while bulk phishing operations average 13 hours. Google also sees most phishing campaigns target its commercial mail service . Bursztein said Google-hosted corporate email accounts were 4.8 times more likely to receive phishing emails than plain old Gmail accounts. Email services were the most commonly impersonated login page in those attempts, at 42%, followed by cloud services (25%), financial institutions (13%), online retail (5%), and delivery services (4%). Bursztein noted that Google still can’t definitely identify many phishing emails—as improbable as that might seem, considering all the data it collects. That explains why Gmail shows an orange box above messages that look somewhat suspicious but aren’t necessarily attacks. This is your brain on phishing attacks The presentation also covered the human factors that make phishing easier. As Oliveira explained, “When we are in a good mood, our deception-detection accuracy tends to decline.” She cited research showing that increased levels of such feeling-good hormones as testosterone and estrogen, oxytocin, serotonin, and dopamine increase people’s risk-taking appetite. But a jump in cortisol levels associated with stress makes us warier. Presumably, the soundtrack for your mail screening should not be Marvin Gaye’s “Let’s Get It On” but the J.
Read the original:
We keep falling for phishing emails, and Google just revealed why