Email phishing is a similar online scam, and it can go hand in hand with fake news. At my corporate job, our IT department is almost always sending out alerts and information on how to spot phishing emails, yet someone always ends up clicking the dreaded links. More and more companies are putting their employees through Security Awareness Training, to try and avoid phishing scam issues in the future. Michael Levin from The Center for Information Security Awareness (CFISA) was kind enough to answer some questions on this training, and why it is smart to take this preventative measure.
How has fake news impacted the public in this day and age?
The term “fake news” has now become a frequent topic in the daily news due to allegations in the political arena. However, claims of fake news have been around for at least half a century, notably rising in prominence in tabloids.
As a consumer of news, we expect that the author has conducted appropriate fact checking and proper multiple verification of sources prior to releasing the article. We expect that the news we read will provide information in a format that is; objective, accurate, truthful, impartial and fair.
But unfortunately, this is NOT always the case, and we should become smarter consumers of this information. Fake news stories online can be used to attract unsuspecting users to spread malware, fraudulent schemes, or even more sinister purposes such as political propaganda.
Why do websites put out fake news in the first place when it would be so simple to discredit them by providing factual news?
The motivation of a fake news article could be any of the following:
- Sell more newspapers or magazines
- Political propaganda to promote opposition agenda
- Advertising clicks or spam
- Fraud including phishing scams
- Spreading of malicious code and viruses
Consumers are having more and more difficulty recognizing the fake news articles and sites because they look so convincing. Often, the fake news sites have misleading URLs that look almost legitimate but are counterfeit. Official looking “blog articles” could appear to be a news article when it is really just the author’s opinion.
How does your Security Awareness Training help people identify what is fake and real news?
Cybercrime is the fastest growing crime in the world and every day businesses are being attacked in new ways. Many of the same principles and best practices taught in security awareness training are very relevant to help us in determining fake news articles that come to us in various ways on the Internet.
Training employees to look at the URL and consider the source is a start. There are various ways to verify the content of news articles and determine the motivation of the website or author. The safest approach in dealing with all news articles is to verify the story independently prior to clicking on the links. It just takes a few seconds to open a browser window and conduct a search on the headline to verify.
The CFISA security awareness training helps to reduce the risk and serves to remind employees of security best practices. Ongoing training will keep employees thinking about security on a regular basis that will help to reduce business and personal risk.
How is email phishing similar to fake news?
The motivation and purpose of a phishing email and a fake news article could be the same. Both are popular with cyber criminals as an easy way to trick someone into clicking on a malicious link or attachment. In both cases the information appears to be legitimate and reputable and are designed to trick the victim.