HA HA! You Got Phished

Blaming the end user isn’t going to stop cyber attacks

If you’ve ever watched The Simpsons, you know Nelson, that scruffy miscreant at Springfield Elementary. When things go wrong, no matter the cause, Nelson interjects with a point of the finger, and then his catchphrase, the unearned “ha-ha!”

It’s wholly unhelpful. Our collective response when people fall for sophisticated email phishing attacks is to channel Nelson, rather than deal with the root problem.

For so many people, work is clicking on things. If you’re a venture capitalist, or a lawyer, you have to click on links in email. It’s unreasonable to blame them. Nor does it make sense to ship victims off to training.

Around 95% of breaches start with phishing. It’s a method of attack that hasn’t changed, even as the results — be they viruses, ransomware, or point-of-sale attacks — have. To fight this threat, most companies rely on education. But when one click can sink a company, reducing the response rate to bad emails from 60% to 10%, which is what most phishing training programs hope to do, hardly makes an organization airtight. The best phishing emails are created by experts and could trick even an IT professional.

A better solution is to thwart delivery of said attacks altogether rather than hoping to stop user clicks. Area 1 Security watches the internet, crawling the entire web like a search engine to look for the early signs of phishing attacks. Attackers must create infrastructure for attacks, so they trap themselves in the world wide web. The web is a massive place, but with state-of-the-art analytics and big data, we can find the places hackers live.

Signs that a web page might be a phishing site include (but are not limited to) how well the page renders on mobile, since most hackers don’t spend the time to make their pages work on phones, or how long a page has existed. If you’re the first person to visit a web page, I can guarantee it’s a malicious website.

Stopping the next major breach shouldn’t be put on the end user. The experts should be responsible for protecting end users. And as the experts, we are focused on letting people work and play on the web in a natural, unguarded way.
