Phishing scams are one of the biggest security threats to your business right now.
Did you know that 83% of businesses admitted they suffered successful phishing attacks last year? And with about a third of phishing emails being opened, the chances that someone in your business will be fooled are high.
But to make matters more difficult, cyber criminals have borrowed a technique from ransomware groups that is designed to panic people into acting and giving away their login details.
This new kind of phishing attack begins like most others.
You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to log in from a different location or device and the attempt has been blocked.
You’re then asked to click a link to verify your email address and password.
That’s concerning enough, right?
But what makes this phishing attack even more dangerous is the countdown timer that appears on screen.
Typically, it’s set at one hour, and you’re asked to confirm your details before the countdown ends, otherwise your account will be deleted.
Yes, deleted! That catches a lot of people’s attention, making them panic and making them more likely to buy into the phishing scam.
This is a powerful manipulation tactic designed to scare people into taking immediate action, not thinking it through.
In reality, if that countdown hits zero, nothing will happen. But watching the seconds count down can give you a sense of urgency that makes you forget to check whether an email is the real deal or not.
The page you’re entering your details on is fake. Criminals will steal your details and log in to your real account. That’s a major problem you don’t ever want your business to face.
You’ll be at risk of data theft, financial loss, or malware, as well as potentially putting other accounts at risk (if you’ve reused your password).
Your login details may even be sold on the dark web, giving other cyber criminals the opportunity to break into your account.
So, to help you and your business, we put together some basic phishing protections:
1. First, take a look at the email address the email was sent from. Check that the spelling and grammar are both correct, and hover over links to see what website address they are trying to send you to.
2. If you think you’ve fallen for this kind of scam, it’s crucial that you change your login details immediately. And be sure not to click a link in an email. Instead, type the website address into your browser. This will ensure you won’t be tracked and that your information is safe.
3. We highly recommend using a password manager. This is software that creates long and strong random passwords, impossible to guess, for every account you have.
A password manager will also help you save time and increase productivity because it will store these passwords for you and autofill login boxes (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).
Share this article so that everyone on your team can avoid phishing scams. And if anyone ever does click a link they’re not sure about, contact us at Itechra to find out how to keep your business safe.
Published with permission from Your Tech Updates.