Wednesday, April 2, 2014

How do we stop loved ones from clicking on spam/phishing links?

Do not let them ever get the links.

Problem

OK, I am just being a little facetious. I have kind of grown up on the internet, so I am suspicious of all kinds of things (and I am sure I make mistakes all the time), but some cases are just so obvious. However, here is the problem I have: things that are obvious to me are not obvious to everyone.

Think about the history of your own email: you have probably NEVER sent your friends a link to Botox. In fact, you have probably NEVER sent one email to ALL of your friends, nor sent the same email (or close enough) to EACH of your friends in separate messages. I am willing to bet you have never sent the same (or a similar) email to more than 10 of your contacts, while your contact list runs into the HUNDREDS or possibly even THOUSANDS.

Solutions

Send filter

Google reads your inbox, Yahoo reads your inbox, and the NSA reads your inbox. I suspect they read your outbox too. Why not read it for good, too?

What I propose is that the companies sending the email apply a simple filter: IF we are trying to send links to a BUNCH of people, OR multiple emails containing the same link to a bunch of people, simply hold the email and wait a few days. Popping up a notification probably will not help, since whoever hacked the account would just hit "OK". Instead, leave it in the sent box for, say, 3 days (this should be enough, since MOST people check their email at least once every 3 days) with a reminder that says "Hey, you sent this email to a bunch of people x days ago; I can still cancel it if you'd like".

Alternately, we could add some kind of are-you-a-real-person test (a CAPTCHA): instead of sending 100 emails all at once (or, say, more than 3), you have to solve a CAPTCHA every so many messages, which slows down anyone sending spam. Make the Return on Investment (ROI) poor enough for the spammer but still acceptable for the person legitimately sending email.
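To make the two rules above concrete, here is an added example of an outbound send filter written for this post (it is not code from any mail provider, and the thresholds of 3 direct recipients, 10 recipients per link per hour and a 3-day hold are my own assumptions, not numbers the post fixes). It covers both variants: in "hold" mode a tripped message goes into a queue with a release time and a cancel option, in "captcha" mode the verdict asks for a human test instead. The sample messages in the test are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

# Thresholds are illustrative assumptions, not values taken from the post.
MAX_DIRECT = 3               # links to more recipients than this in ONE message trip the filter
MAX_FANOUT = 10              # the same link reaching more distinct recipients than this in WINDOW trips it
WINDOW = timedelta(hours=1)
HOLD_FOR = timedelta(days=3)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass
class OutgoingMessage:
    sent_at: datetime
    sender: str
    recipients: List[str]
    body: str


@dataclass
class Verdict:
    action: str                       # "send", "hold" or "captcha"
    reason: str
    release_at: Optional[datetime] = None


def extract_links(body: str) -> Set[str]:
    """Distinct URLs in a message body, with trailing punctuation stripped."""
    return {m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(body)}


class SendFilter:
    """Outbound filter: per message, decide whether it goes out now, is held
    for HOLD_FOR with a cancel option, or needs a CAPTCHA first."""

    def __init__(self, on_trigger: str = "hold"):
        self.on_trigger = on_trigger
        # sender -> link -> [(sent_at, recipient)] for messages that really went out
        self._sent: Dict[str, Dict[str, List]] = defaultdict(lambda: defaultdict(list))
        self.held: List = []          # (release_at, message): the owner's cancel window

    def evaluate(self, msg: OutgoingMessage) -> Verdict:
        links = extract_links(msg.body)
        if not links:
            return Verdict("send", "no links; not the filter's concern")
        recipients = {r.lower() for r in msg.recipients}

        # Rule 1: one message carrying links to a bunch of people.
        if len(recipients) > MAX_DIRECT:
            return self._trigger(msg, f"links to {len(recipients)} recipients in one message")

        # Rule 2: the same link dripped out to many people in separate messages.
        history = self._sent[msg.sender]
        cutoff = msg.sent_at - WINDOW
        for link in links:
            recent = [(t, r) for (t, r) in history[link] if t >= cutoff]
            history[link] = recent                        # forget entries outside the window
            reached = {r for _, r in recent} | recipients
            if len(reached) > MAX_FANOUT:
                return self._trigger(msg, f"{link} would reach {len(reached)} recipients within {WINDOW}")

        # Only messages that actually go out count towards future fan-out.
        for link in links:
            for r in recipients:
                history[link].append((msg.sent_at, r))
        return Verdict("send", "links within normal fan-out")

    def _trigger(self, msg: OutgoingMessage, reason: str) -> Verdict:
        if self.on_trigger == "captcha":
            return Verdict("captcha", reason)
        release_at = msg.sent_at + HOLD_FOR
        self.held.append((release_at, msg))
        return Verdict("hold", reason, release_at)

    def due(self, now: datetime) -> List[OutgoingMessage]:
        """Held messages whose window expired without a cancel: remove and return them."""
        ready = [m for (t, m) in self.held if t <= now]
        self.held = [(t, m) for (t, m) in self.held if t > now]
        return ready

    def cancel(self, msg: OutgoingMessage) -> bool:
        """The owner saw the reminder and cancelled; drop the message from the queue."""
        before = len(self.held)
        self.held = [(t, m) for (t, m) in self.held if m is not msg]
        return len(self.held) < before
```

Note that only delivered messages are recorded for the fan-out rule, so once a link has reached MAX_FANOUT people in the window every further message carrying it to a new recipient is held, while re-sending to someone who already got it is not. The hold only helps if the reminder reaches the account's real owner rather than whoever is logged in, so in practice it belongs on a channel the attacker is less likely to control (a second address or phone) as well as in the sent box.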

Training

Suppose that whenever a link comes through from an account that *might* be sending spam, before you can look at the email you have to do some kind of training (along the lines of PhishMe, but not corporate guided; this is more "inform the masses"). Once you finish the training, we could HIGHLIGHT the suspicious links with big arrows that say "THIS MIGHT BE SPAM OR SOMETHING NOT GOOD, WE DON'T RECOMMEND CLICKING".

How would this help?

Prevention

Each email provider has to scan every email as it arrives for spamminess (yes, I just made that word up). Imagine if, instead of having to parse 300 incoming emails, it only had to parse one outgoing email, deem it spam, and never send it (of course there would be ways to work around this, but basically the workaround should cost the spammer more than their Return on Investment). Cut it off at the source: less outgoing spam means less incoming spam, and stopping it at the source is a multiplier.

Knowledge

People who don't understand safe browsing behavior would either be prevented from clicking on links that appear to come from people they trust (but weren't actually sent by them), or at least see a clear warning when they might be looking at spam. By informing them repeatedly, it might just become second nature.

Hope you had a fun time reading this.
I would love to hear your feedback.