It’s funny. It takes years of highly technical training to become a cybersecurity expert. For example, at Lewis, Computer Science students take 53 credit hours of rigorous coursework to prepare for jobs as cybersecurity engineers and analysts. They learn how to write instructions for a computer to follow, how computers interpret and execute those instructions, how operating systems enable multiple instructions to be performed seemingly simultaneously, how computers save the results of running those instructions to disk, and how computers package the results of certain instructions for efficient transport across thousands of miles. They learn how to hide data using advanced mathematical trickery, how to verify that communications came from where the purported sender claimed using more mathematical trickery, and how to use even more math to undo the shenanigans digital malcontents allegedly used to obscure their tracks. They take a very deep dive into the ever deepening pool of computer science, but they eventually come up for air, ready to apply all that they’ve learned as they defend us against the ever-present cyber threat.
With their in-depth knowledge of all things computing, computer scientists wisely choose the right tools and systems and even create their own such implements when necessary. They combine them in just the right ways to build a supposedly impenetrable fortress around our data, steeling it against attack. Warriors of the net they are, fighting the good fight, keeping us out of harm’s way.
And then you or I click on a link in an email, and at least part of that fortress comes quickly crashing down. Warriors, where are you?
The most common kind of attack against today’s information infrastructures is phishing. Perhaps it is so common because it is so simple. In a typical phishing attack, the perpetrator sends an email to the targeted victim that contains a link to a site he wants the victim to visit. When the victim clicks on the link, a number of things might happen. Malware might be downloaded onto the victim’s machine. Or, the victim might be directed to a web form that looks so legitimate that he or she is coaxed into entering private information into the form and clicking the submit button. Of course, because the site is fake and intended to do harm, the information the victim freely entered has now been shared with someone who clearly shouldn’t have it and will now use it to cause the victim great inconvenience. All it takes is one click, or one click followed by severely misplaced trust, to do irrevocable harm.
This is entirely too frail a system, isn’t it? It’s as if the entire Internet were built with string and popsicle sticks. Unfortunately, that’s not too far from the truth. While computer scientists and engineers continue to create better ways to detect, disarm, and contain the damage caused by attacks as simple as everyday click-on-me phishing campaigns, the lack of pervasive security built from the start into the now 50-year-old Internet means that the safety of the worldwide digital enterprise is often caught far too exposed to the wobbly whimsy of hurried and harried human behavior.
So, fellow humans, do your part! You don’t have to sit idly by while the computer geeks work hard to keep you safe, only to be undone by your infernal click-happiness, do you? There is nothing to be gained by avenging the revenge of the nerds with your foolhardiness. This, my friend, must be a shared fight!
As an aging rocker who hates rap for causing my preferred music’s death, I both resent and respect the power of rap to communicate a message. So, here’s a rap to inspire you to take up arms against the mischieph of the phishers.
That emailed link
Gonna bring you to da brink.
Don’t click. Don’t click.
Don’t fall for its trick.
Look away, look away,
Else you gonna pay.
I wanna hear you say,
“Not today, no way,
Try as you may,
I ain’t gonna click.
Ain’t never gonna click.
That link be slick,
But it gonna make me sick.
Gonna throw da mail away
‘Fore it do a malware play.
You think I’m gonna click,
But, bish, you cray.
No phish today.”
Well, that was embarrassing. But the message is clear: if you receive a link in an email or on a social media feed, resist, at all costs, the urge to click on it. If you really think you should click on it, see where it leads first. How? If you are using a computer, hover over the link with your mouse, and note the address that appears toward the bottom left side of the screen. If you are using a phone or tablet, long-click it by holding your finger on the link without lifting off, which is, in my opinion, a dangerous test of one’s fine motor skills, but that’s what you have to do; then look at the address that pops up. If the address seems to lead to an unfamiliar place, rap to yourself quietly and succumb to the wisdom of the phlow.
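The hover check can also be done in code. The following is an added example, not part of the original post: it lists where each link in an HTML email body really leads and flags links whose visible text names a different site. The sample message and every address in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample email body; every address below is made up for illustration.
SAMPLE_HTML = """
<p>Your account is locked. Visit
<a href="http://login.example.net/reset">https://www.example.com/account</a>
or read our <a href="https://www.example.com/help">help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only keep text inside a link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(value):
    """Return the hostname if value is an http(s) URL, else None."""
    try:
        parts = urlsplit(value.strip())
    except ValueError:                      # malformed address
        return None
    return parts.hostname if parts.scheme in ("http", "https") and parts.hostname else None

def inspect_links(html):
    """Report each link's real destination and whether the visible text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    report = []
    for text, href in parser.links:
        shown, actual = host_of(text), host_of(href)
        report.append({"text": text, "destination": actual,
                       "mismatch": shown is not None and shown != actual})
    return report

if __name__ == "__main__":
    for row in inspect_links(SAMPLE_HTML):
        print(row)
```

A link whose text is ordinary words ("help page") cannot be flagged this way, so its destination still has to be judged on its own.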
Don’t be a phishing phool. Be skeptical. Be cynical. When in doubt – which should be your usual state – don’t click.
Unless, of course, you want me to rap some more.