In 2016, John Podesta, the manager of Hillary Clinton's presidential campaign, received an email with a disturbing subject line: "Someone has your password."
An email purporting to be from Google lured Podesta into clicking a malicious link and then changing his password - giving the hackers access to his emails and the inner workings of the Clinton campaign.
Podesta is not alone. According to the Australian Cyber Security Centre, phishing is one of the most dangerous cyber-crimes for both individuals and organisations. It also led to nearly US $26 billion in global losses over the last three years.
With phishing, cyber criminals manipulate people to steal sensitive information, such as usernames, passwords and online banking details.
They are always interested in exploiting humans rather than systems, because it is more cost-effective.
For cyber criminals, humans are the weakest link.
The perpetrators often do this by masquerading as a reputable entity or individual - as happened to Podesta when he received an email from what he thought was Google.
So, how do you ensure that you are not one of the statistics when it comes to phishing?
The key is to stay abreast of current threats, be vigilant online, and not think twice about blocking malicious or unwanted messages from reaching you in the first place.
In particular, you should:
- Avoid clicking on links or opening attachments from people or organisations you don't know, or are not sure about
- Be mindful of emails or text messages that are very enticing or appealing - or that use threats to push you into taking immediate action
- If an email or message seems suspicious, contact the person or organisation separately to see if they were likely to have sent it
- Before you click on a link, hover over that link to see the actual web address it will take you to - if you do not recognise or trust the address, try searching the relevant terms in a web browser
- Understand that your bank (or any large organisation) would never send you a link and ask you to enter details such as your username, password or financial information.
Overall, stay alert, and learn as much as you can about safe behaviour online. Phishing is often described as breaking into people's mindsets. Don't let the cyber criminals do this to you.
Dr Nalin Arachchilage is a senior research fellow in cybersecurity at La Trobe University