Engage Your Brain
One of the greatest quotes ever uttered by a military commander in the 21st Century came from Marine Corps General James Mattis. He famously told his Marines before the 2003 invasion of Iraq to “Remember your training, and engage your brain before you engage your weapon.” In essence, that means to think before you act. That is equally true in cybersecurity. All too often, people get lured to click on shiny-looking things, or things that may “look” legitimate, but are really nothing more than ruses, clickbait, or social engineering.
When it comes to emails especially, the first thing I always told relatives to look for is the email address from whence it came. For example, if you get a seemingly legit email from PayPal, saying your account may have been compromised, check if it actually came from an address ending in “paypal.com”. If it’s not, then chances are, it’s a scam. Also, if you put the mouse cursor over a link they ask you to click (Please for the love of all that is good and holy don’t actually click it, just put the cursor over it), and the bottom link display doesn’t look anywhere close to a PayPal website, then it’s almost certainly a scam designed to provide your PayPal account login to whoever sent the malicious email to you.
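The two checks described above (the sender's domain and the real destination behind a link), as an added Python example that is not part of the original post. It assumes a single-part, un-encoded HTML message; the sample message and the names `in_domain`, `LinkCollector` and `check_message` are constructed for illustration. The domain test matches on a label boundary, so look-alikes such as `paypal.com.login.example` do not pass.

```python
# Added example: the sample message below is constructed, not a real email.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE = '''\
From: "PayPal Security" <service@paypal.com.account-verify.example>
To: user@example.org
Subject: Your account may have been compromised
Content-Type: text/html

<p>Log in at <a href="http://paypal.com.login.example/signin">https://www.paypal.com/signin</a></p>
'''

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects the href (what the hover preview shows) of each <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_message(raw, expected_domain):
    """Return a list of reasons the message does not match expected_domain."""
    msg = message_from_string(raw)
    findings = []
    # Check 1: the address in From, ignoring the free-text display name.
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not in_domain(sender_host, expected_domain):
        findings.append(f"sender domain is {sender_host!r}")
    # Check 2: where each link really goes, ignoring its visible text.
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href in collector.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, expected_domain):
            findings.append(f"link goes to {host!r}")
    return findings

if __name__ == "__main__":
    print(check_message(SAMPLE, "paypal.com"))
```

An empty result is not proof of legitimacy, since the From header can be forged; the script only automates the first-look checks described above.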
It’s rather sad to say, but there’s no shortage of hackers and social engineers out there who rely quite heavily on the gullibility and naivete of people. It’s their bread and butter, and all too often, when people see something that LOOKS legitimate, they assume that it is without bothering to use a measure of common sense and due diligence. I’ve actually seen cases where people get fraudulent calls and email notifications for banks or websites where they never had an account, claiming the account was hacked, and they still believed it was legitimate, when it would only take a few seconds to realize they never shopped there once in their lives.
In one rather memorable case, one of my relatives (I won’t say who, to protect their reputation) was utterly convinced that the Windows Update feature was a scam, simply because a random popup on a website I had never even heard of told them so. It took me years to eradicate that notion from their brain, and in several instances, when I had to remove a virus from their computer or to apply a patch that would prevent them from being vulnerable, they staunchly refused to allow me to apply Windows Updates when that was the very fix to the problem. And by and large, these are otherwise incredibly intelligent people, with technical or scientific degrees, but for reasons unfathomable to (and to the intense exasperation of) IT professionals, they promptly drop-kick all notions of common sense right out the window, when, as Gen. Mattis stated, they need to engage their brain first.