Professor Lorrie Cranor Provides Tips on How to Protect Against Phishing Attacks

By TAP Staff Blogger

Posted on June 3, 2020


Because many people are working from home and not under the typical protective electronic setting of networks that exist within offices, [Professor Lorrie] Cranor believes people have become more susceptible to phishing attacks.
- Professor Lorrie Cranor, Carnegie Mellon University, in an interview with NPR’s Here and Now


There has been a surge in phishing attacks and online scams taking advantage of COVID-19-related uncertainties and vulnerabilities. In March, the FBI shared their findings of a “rise in fraud schemes related to the coronavirus (covid-19) pandemic.” National news journals and outlets are reporting these concerns as well:

  • The Wall Street Journal reports: “Fraudsters are increasingly using pilfered credit-card numbers and phishing attacks to prey on overwhelmed consumers and banks during the coronavirus pandemic.”
  • Wired recently shared: “THE COVID-19 PANDEMIC has provided boundless opportunities for scammers since January at least. But a group of fraudsters known as Scattered Canary has reached new depths, ripping off state unemployment systems for millions of dollars just as funds are running dangerously low.”
  • CNBC outlines: “The risks caused by the coronavirus are rising beyond public health, job losses and economic spirals. Cyberthreats, including phishing scams and spam, are spiking as online criminals take advantage of the coronavirus to attack remote workforces and corporate systems, and tech vendors, such as SaaS providers, are less able to respond in the current situation.”
  • Consumer Reports warns: “Watch out for a surge in emails from cybercriminals pitching COVID-19 health information and fake cures.”

In an interview with NPR’s Here and Now, Professor Lorrie Cranor shares her insights from anti-phishing research she spearheaded as Director of the CyLab Usable Privacy and Security Laboratory (CUPS) at Carnegie Mellon University.


Below are a few excerpts from the Here and Now episode, “Phishing Is Surging. Here's How To Spot Online Scams.”


Phishing is when a scammer sends an email that appears to come from a legitimate source, says Lorrie Cranor, professor of computer science and of engineering and public policy at Carnegie Mellon University.


These scammers can be a range of suspects — from those working for a large criminal enterprise to someone alone in their basement, she says.


[Professor Cranor] says most cases she’s heard about recently involve current events, specifically the government stimulus checks in response to the coronavirus crisis. Scammers are acting under the guise of the government, hoping unsuspecting people will give out their bank account information.


Another recent way scammers have tried to infiltrate people’s electronics is through emailing fake Zoom links which, if clicked, may install malware onto one’s computer.


Cranor advises people to be “very careful” before taking any action on an email, phone call or text message.


“If somebody is saying they're from the government, be very skeptical,” she says. “The government usually doesn't call you.”


Think twice before sharing any personal information, she says.


“Any information like bank account information, Social Security number, passwords, anything like that, you really, really should be skeptical and not do it,” she says.


To identify a scam email, observe the email address. Sometimes, it’s not glaringly suspicious, but similar to a normal email. Read the entire email address before taking any actions, she suggests.


A lot of scammers have updated their tactics, utilizing sophisticated and convincing methods to successfully commit cybercrimes.


But not all scammers have learned new tricks. Fake messages from Nigerian princes promising millions of dollars still exist.


“That Nigerian prince is still alive and well, and is still sending out those fake messages,” Cranor says with a laugh. “It's actually amazing. I just got one the other day.”


Listen to or read the full interview: “Phishing Is Surging. Here's How To Spot Online Scams” (NPR’s Here and Now, May 22, 2020)


Learn more about Professor Cranor’s research on phishing:


Lorrie Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies, with Carnegie Mellon University’s CyLab Security and Privacy Institute. She is also the FORE Systems Professor, with CMU’s Computer Science and Engineering & Public Policy departments; the Director of the CyLab Usable Privacy and Security Laboratory, and Co-director of the MSIT-Privacy Engineering masters program. Professor Cranor teaches courses on privacy, usable security, and computers and society. In 2016, she served as the Federal Trade Commission’s (FTC) Chief Technologist.