Phishing scams are one of the biggest security threats to businesses right now.
A whopping 83% of businesses reported having suffered from successful attacks last year.
And since about one-third of phishing emails are opened, the chances of someone in your organization being deceived are high.
To make matters worse, with the latest phishing scam, cyber criminals are using a psychological trick to force people into making a mistake. They’ve adopted a technique used by ransomware groups designed to cause panic, urging their targets to take immediate action and give away their login details.
This kind of phishing attack begins like most others: You get an email alerting you about potentially suspicious activity on your account. It might say someone is trying to log in from a different location or device and the attempt has been blocked. The email may even warn you that your email or bank account is under imminent threat of closure or suspension. You’re then asked to click a link to verify your login and password.
That’s concerning enough, right?
But what makes this phishing attack seem even more threatening is the countdown timer that appears on screen.
It’s typically set to one hour, and the victim is instructed to confirm their credentials before the countdown ends or their account will be deleted.
Yes, deleted! That catches a lot of people’s attention – and causes them to feel stressed and instantly do what’s being asked.
This is a powerful manipulation tactic designed to scare people into acting immediately and thinking later.
In reality, when the countdown hits zero, nothing will happen. But watching the seconds count down can give people a sense of urgency that makes them forget to check whether the email or warning is the real deal or not.
And it’s not – cyber criminals use the fake login page to access and steal users’ account details. That’s a major problem you don’t ever want your business to face.
This can put you at risk of data theft, financial loss, and malware. It could also jeopardize other accounts.
Your login details may even be sold on the dark web, giving other cyber criminals the opportunity to break into your account.
If you face anything like this, stop and think. Would a legitimate service provider really apply that kind of pressure and penalty?
To help protect you and your team from being victimized by phishing, here are some basic guidelines:
- Look at the address the email was sent from (not the “reply to” address). Make sure the spelling and grammar are both correct, be aware of any inconsistencies, and hover over any links to reveal the destination URL.
- Don’t click a link in an email – type in the website address in your browser.
- If you think you’ve fallen for this kind of scam, it’s important you change your login details immediately.
- We recommend using a password manager. This is software that creates a long, strong random password for every account you have, one that is impossible to guess. It will store those passwords for you and autofill login boxes to save you time (and yes, password managers detect when they are prompted to fill in details on a different page, such as a phishing scam website).
Be sure to share this article and information with all of your team members right away. And if anyone ever clicks a link they’re not sure about, ask us how to keep your business safe.
Published with permission from Your Tech Updates.