Video
Matthias Reinwarth - The wrong click: it can happen to anyone of us
The wrong click: it can happen to anyone of us
My name is Matthias I'm lead advisor and senior Analyst for KuppingerCole. And I want to talk to you in this short video about the impact of the human factor on cybersecurity. And this video is called the wrong click. It can happen to any one of us, and to prove that it can happen to any one of us, I will show you two males that I received in the recent weeks, as examples, attackers, people who want to have a phishing attack, for example, or malware installation on our machine, they want us to do something so they want to raise attention. And for example, they do this by threatening us with, for example, the imminent suspension of the account. So I received this mail obviously, or not obviously by office 365. And somebody tells me that I'm running out of space that makes me click on this mail and to open it.
And this is exactly what I said before. There is the threatening of a, of an account suspension here and that hurts. So I want to do something against it. First check, of course, yes, this is my ID. So I, it seems to be directed to me. And there is the rectify issue button so that I could click immediately on that to hopefully resolve that issue with my account. But if you take closer attention, you will realize that there's some weird spelling in that mail. And there's more of that. And for especially the mail address does not match anything that is related to office 365 or Microsoft. And if I hover above the actual link that is in here, I will realize that this does not lead to anything related to office 365. So this seems to be not legitimate. So don't click on that link and delete that mail and make sure that it is identified as spam for future checks.
Another, another example, money always works well as well. So what's that invoice? It's a German one, but I think you can, can get the, the message. It's an, an invoice from apple and the originated app store. And it's of course, yeah. An invoice for something that I've purchased or not. And if I click on it, it's high enough that it hurts. So it's almost 50 euros. So this is something that if I don't know what it is, I would like to correct. Yes, it is by ID this time, my apple ID. And again, there's a link in there to use for fixing that issue. And again, be careful, have a look and check it and I don't use apple pay. And this actually is an invoice related to apple pay. So that is really something that makes me wonder and who is AXA? Because the mail address that is actually in here does not match app store from apple.
And it is not even an apple or apple related mail address. And if I hover again over the link that is provided again, the same schema, you will see that this leads somewhere in the web, but not to apple. So again, this is not legitimate, that is considered to be spam. So if somebody is not taking care here, he would have clicked that link. And he would have gotten to a site that might be malicious or even installed some software on your machine. So be careful. So what can you do raise awareness, first of all, educate your users, educate yourself, and there should be help. So on the left side, there would be that, that you can do for anybody and tell everybody to do this with every mail that you get. And you're not quite sure. So pay attention for every link for every male, be suspicious, think twice, apply common sense, be careful.
And if you're not sure delete. So this is something that should happens in the brain, in the, in the behavior of any user that you work with with any colleague you are working with, but there should be more, you should really protect the user. And that means you have to select the right and point security portfolio. This is something where we can help you. And this is something that you really should do. There's lots of products to choose from and finding the right combination of what is required. That is really a challenge to do. So portfolio management is something that you should aim for. So there are products that prevent such males from arriving. They do that survey based, based on patterns, rules, analytics, and policies. There are tools that help you to detect these potential anomalies. They do this unassisted, they do this assisted in, they suggest something.
And again, they are based on patterns, rules, analytics, and policies, and they develop over time. There is software that verifies even males that do they make sense? Is there some logic in there? Does the context actually fit together? So identifying the wrong mail address, for example, again, that might be based on patterns, rules, analytics, and policies. And here we see solutions where AI and machine learning come to the rescue. And of course we need software that protects me from clicking protects my browser from executing malicious code protects my machine from executing malicious code by blocking links, by blocking software, or even by virtualizing a whole application processes or browser taps. And you really should look into these solutions and you really should take care. Thank you for watching this video. See you next time here.
And this is exactly what I said before. There is the threatening of a, of an account suspension here and that hurts. So I want to do something against it. First check, of course, yes, this is my ID. So I, it seems to be directed to me. And there is the rectify issue button so that I could click immediately on that to hopefully resolve that issue with my account. But if you take closer attention, you will realize that there's some weird spelling in that mail. And there's more of that. And for especially the mail address does not match anything that is related to office 365 or Microsoft. And if I hover above the actual link that is in here, I will realize that this does not lead to anything related to office 365. So this seems to be not legitimate. So don't click on that link and delete that mail and make sure that it is identified as spam for future checks.
Another, another example, money always works well as well. So what's that invoice? It's a German one, but I think you can, can get the, the message. It's an, an invoice from apple and the originated app store. And it's of course, yeah. An invoice for something that I've purchased or not. And if I click on it, it's high enough that it hurts. So it's almost 50 euros. So this is something that if I don't know what it is, I would like to correct. Yes, it is by ID this time, my apple ID. And again, there's a link in there to use for fixing that issue. And again, be careful, have a look and check it and I don't use apple pay. And this actually is an invoice related to apple pay. So that is really something that makes me wonder and who is AXA? Because the mail address that is actually in here does not match app store from apple.
And it is not even an apple or apple related mail address. And if I hover again over the link that is provided again, the same schema, you will see that this leads somewhere in the web, but not to apple. So again, this is not legitimate, that is considered to be spam. So if somebody is not taking care here, he would have clicked that link. And he would have gotten to a site that might be malicious or even installed some software on your machine. So be careful. So what can you do raise awareness, first of all, educate your users, educate yourself, and there should be help. So on the left side, there would be that, that you can do for anybody and tell everybody to do this with every mail that you get. And you're not quite sure. So pay attention for every link for every male, be suspicious, think twice, apply common sense, be careful.
And if you're not sure delete. So this is something that should happens in the brain, in the, in the behavior of any user that you work with with any colleague you are working with, but there should be more, you should really protect the user. And that means you have to select the right and point security portfolio. This is something where we can help you. And this is something that you really should do. There's lots of products to choose from and finding the right combination of what is required. That is really a challenge to do. So portfolio management is something that you should aim for. So there are products that prevent such males from arriving. They do that survey based, based on patterns, rules, analytics, and policies. There are tools that help you to detect these potential anomalies. They do this unassisted, they do this assisted in, they suggest something.
And again, they are based on patterns, rules, analytics, and policies, and they develop over time. There is software that verifies even males that do they make sense? Is there some logic in there? Does the context actually fit together? So identifying the wrong mail address, for example, again, that might be based on patterns, rules, analytics, and policies. And here we see solutions where AI and machine learning come to the rescue. And of course we need software that protects me from clicking protects my browser from executing malicious code protects my machine from executing malicious code by blocking links, by blocking software, or even by virtualizing a whole application processes or browser taps. And you really should look into these solutions and you really should take care. Thank you for watching this video. See you next time here.
Video Links
Stay Connected
How can we help you