Phishing: don’t be put under pressure to take urgent action
A massive 83% of organisations said they suffered successful attacks last year. And with just under a third of phishing emails being opened, the chances that someone in your business will be fooled are high.
But to make matters more difficult, cyber criminals have borrowed a technique from ransomware groups that is designed to panic people into acting and giving away their login details.
This new kind of phishing attack begins like most others. You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to login from a different location or device and the attempt has been blocked. You’re then asked to click a link to verify your email address and password.
That’s concerning enough, right? But what makes this phishing attack even more dangerous, is the countdown timer that appears on screen.
Typically, it’s set at one hour, and you’re asked to confirm your details before the countdown ends, otherwise your account will be deleted. Yes, deleted! That catches a lot of people’s attention.
This is a powerful manipulation tactic designed to scare people into taking immediate action – and think later.
In reality, if that countdown hits zero nothing will happen. But watching the seconds count down can give you a sense of urgency that makes you forget to check whether an email is the real deal or not.
The page you’re entering your details on is fake. Criminals will steal your details and login to your real account. That’s a major problem you don’t ever want your business to face. You’ll be at risk of data theft, financial loss, or malware, as well as potentially putting other accounts at risk (if you’ve reused your password). Your login details may even be sold on the dark web, giving other cyber criminals the opportunity to break into your account.
Here are some basic phishing protections for you and your team:
- Look at the email address the email was sent from.
- Make sure the spelling and grammar are both correct, and hover over links to see what website address they are trying to send you to.
- If you think you’ve fallen for this kind of scam, it’s important you change your login details immediately.
- Don’t click a link in an email – type in the website address in your browser.
- We also recommend using a password manager. This is software that creates long and strong random passwords that are impossible to guess for every account you have. It will store these passwords for you.
- And autofill login boxes to save you time (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).
Share this article to educate your whole team, and if anyone does ever click a link they’re not sure about, ask us how to keep your business safe.
Published with permission from Your Tech Updates.