Phishing scams are one of the biggest security threats to your business right now.
According to a survey by cybersecurity firm Proofpoint, 83% of organizations experienced successful attacks in 2017. Additionally, nearly one-third of phishing emails were opened last year, which means that there is a high chance that an employee in your business will be victimized.
Cybercriminals have found a new way to scare people into giving away their login details by borrowing a technique from ransomware groups. This tactic is designed to cause panic and make people act quickly.
This new kind of phishing attack begins like most others.
You receive an email notification alerting you of suspicious activity on your account. This could mean someone is trying to log in from a different location or device, and the attempt has been blocked.
You’re then asked to click a link to verify your email address and password. That’s concerning enough, right?
But what makes this phishing attack even more dangerous is the countdown timer that appears on the screen.
You are typically asked to confirm your details before the timer ends. If you do not confirm your information, you are told, your account will be deleted.
Yes, deleted! That catches a lot of people’s attention.
Scare tactics are often used to get people to take immediate action, which can lead them to forget about the consequences.
In reality, if the countdown timer hits zero, there will be no effect. However, watching the seconds count down can give you a sense of urgency that can cause you to forget to check whether an email is genuine or not.
Do not enter your personal information on a page like this. It is a fraudulent page, and criminals will steal your details and access your real account.
You’ll be at risk of data theft, financial loss, or malware, and you could be putting other accounts at risk (if you’ve reused your password).
Your login details may even be sold on the dark web, allowing other cybercriminals to break into your account.
Here are some basic phishing protections for you and your team.
Look at the address the email was sent from. Check that the spelling and grammar are both correct, and hover over links to see what website address they are trying to send you to.
If you believe that you have been scammed, it is important to immediately change your login details. Do not click a link in an email - type the website address into your browser.
We also recommend using a password manager. This is software that creates a long, strong, random password, impossible to guess, for every account you have.
It will store these passwords for you and autofill login boxes to save you time (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).
Share this article with your whole team right now. And if anyone ever clicks a link they’re not sure about, ask us how to keep your business safe.
Until next time, keep fit and have fun!
TYYV (The Yada Yada Version): Phishing scams are starting to appear with timers attached. Be aware that they will not delete your files and Yada Yada Yada, slow down, think, reach out to your IT provider and reset your credentials.