Shane and Jean had just married and were about to buy a house. An email from their lawyer told them where to deposit the down payment, but the lawyer’s account had been breached, and the letter was a fraud trying to invite them to click on a phishing link. Luckily, the huge, unexpected transfer was a red flag for the bank and they held the payment up.
You can install the best antivirus money can buy and subscribe to a really good VPN. But there’s just so much you can do. How do you know someone you’re communicating with hasn’t—themselves—been compromised?
It's all the same to the Phisherman
90% of phishing attacks still come through emails, and lawyers are prime targets. Eventually, unfortunately (or not if you’ve saved up enough for a house) everyone needs a lawyer. Should you insist on one who has his VPN and antivirus fees paid up?
Well probably, but that won’t help.
Antivirus only detects malware after it’s been installed. The firewall might prevent or warn you against installing something suspicious. And, as for the VPN, all it does is mask you IP address so that you can’t be identified online (to a point); it may even encrypt your internet history, but the phisherman has no interest in where you are or what you’re using. His main object is getting you to click on a link. And he can deliver that link through something as ubiquitous as an SMS message on your phone.
At-Sea Security
Strangely, people tend to take more care with their computers than with their phones, even though they often spend more when buying the latter (oh look—four camera lenses). A full 87% feel more confident in the security of their PCs than that offered by their phones, despite the fact that Android now sandboxes its devices, and neither Google’s Play Store nor Apple’s App Store will let you download an application that hasn’t been stringently verified.
Even stranger, those same people will behave less carefully using their cellphones—ironic when you consider that many of us sync our data across both devices with our Google Drives and MS OneDrives.
But the phisherman doesn’t necessarily want to install a malicious app or infiltrate your device. He simply wants your password, so he can hack into larger systems and exploit them—like your bank, your health provider, your employer. He’s not going to take the time and effort required to plant malware where it’s not effective, like your personal mobile device. He’s going to plant it where the cost-effect ratio is the highest, where he can do the most damage.
Like in your bank, healthcare provider’s records or employer’s client list.
You’re nothing but the messenger.
Plug the biggest leak first: You!
You may be a well-armored messenger, have the latest tools and tricks and weapons at hand. But you’re still just the messenger. And the message you carry just may be a ruse. Your VPN cannot make you more vigilant and the only virus your antivirus isn’t immune to is user carelessness
SO, before you click on the link in a message you got on Telegram, before you sign on for that free skydiving lesson advertised on Twitter or join that crypto-riches group in Facebook, read the message.
Take a second look at the link, and think twice before entering your credit card number, work credentials or passwords into what may be a completely fictitious website.
Or simply install novoShield to do the work for you: it’ll simply prevent a phishing site from opening—even if you DO accidentally click on the wrong link.