Patches For Phishing

Amy Bid · 12:45 · 2024

Amy Bid, a business strategist who consults with small businesses on digital marketing, shares how she achieved a 100% success rate against 200 phishing attempts over six years using a simple approach: emotional support and training. Her core message: look, don't click, and verify.

Patches for Phishing: Simple Behavioral Fixes That Actually Work

Amy Bid is not a cybersecurity professional by trade. She is a business strategist who consults with small businesses on digital marketing. But over the past six years, she has helped her clients dodge roughly 200 phishing attempts with a 100% success rate — no malware, no ransomware, no money lost. Her talk breaks down how she did it and why the approach matters.

People Are the Patch

Amy's central thesis is refreshingly simple: people don't fall for phishing because they are stupid. They fall for it because they are busy, distracted, and operating on autopilot. The fix is not more software — it is a new behavioral path for handling all inbound messages, whether email, DMs, social media, or SMS.

The solution fits on a bumper sticker: Look. Don't click. Verify. That is the patch. The people themselves are the patch.

Two Pillars: Emotional Support and Training

Amy attributes her success to two things. First, emotional support — building trust with clients so they feel comfortable forwarding suspicious emails without shame. She tells them there are no stupid questions and that asking is expected. Second, training — not elaborate simulations, but simple familiarity. Showing clients what phishing emails look like so they can recognize the patterns.

She cites the SANS 2023 Security Awareness Report, which found that phishing susceptibility drops by up to 70% with regular security awareness training. Training can be as simple as a 10-minute walkthrough: here is a real phishing email, here is why it is fake.

Real-World Case Studies

Amy shares two powerful stories. A friend at a new job bought $2,500 in gift cards within 10 minutes because a phishing email looked like it came from her new boss. She had no trusted person in the office to check with — she was the new kid, the easy target.

The second story is darker. An 80-year-old woman on a fixed income was contacted by scammers who told her that her bank account was used to purchase child pornography. They activated shame and fear, established authority, created urgency, and told her not to tell anyone. Two hours later she was depositing $8,000 into a Bitcoin ATM across town.

Phishers Are Black Hat Marketers

One of Amy's most useful reframes: phishers are not hackers in the traditional sense. They are black hat marketers. They buy lists, they target segments, they convert leads. The 272 million Social Security numbers breached recently are just another marketing list to them.

Who Should Watch

Anyone who trains non-technical users on security awareness. Anyone who works with small businesses. The talk is light on technical depth but strong on practical behavioral advice that actually works in the real world.