With more than 90% of successful hacks and data breaches starting with phishing scams and 99% of email attacks relying on victims clicking links, it’s important to learn how to click intelligently.
It used to be the rule of thumb that it was generally safe to click links in an email that originated from either a trusted sender or domain name. That isn’t the case anymore. Bad actors have gotten better in the last few years, and there’s an inherent risk every time you click on a link or download an attachment. Okay, this doesn’t mean all links and attachments are malicious, but how we used to determine what’s unsafe before clicking or downloading has changed. How do you know when your “Warning, Will Robinson” alert should start chiming off?
Before you click that link or download that attachment, pause and review before taking any action. That is especially important now, when a sense of urgency and immediacy can short-circuit our logic and trick us into clicking the link that promises the newest cure for COVID-19.
Compromised Email Accounts
- The CEO sends you an email with an invoice that needs to be paid today. The sender information and signature all look accurate. However, in this instance, the CEO’s account has been compromised, and the bad actor is attempting to get your department to wire them funds. If you reply to the email asking for more information, it can be the bad actor that answers you, not the CEO. This tactic succeeds far too often.
- A vendor for your organization sends you an email or an SMS message to your phone asking you to review the attached invoice. Their email account has been compromised, and the bad actor has sent a phishing campaign to everyone in the vendor’s contact list to get recipients to enter their credentials to view a fake document, so the actor can compromise more accounts.
Takeaway: Pay attention to the details. Is this an unusual request sent at an odd time, or are you being asked to bypass internal security controls? If so, call the sender directly (don’t use the phone number in the email signature) and ask whether the request is valid. In other words, verify through another channel (text, chat, phone) before processing a payment or entering credentials whenever the request is urgent or seems unusual.
Sense of Urgency or Fear
Actors know how to use keywords to create a sense of urgency in responding to phishing emails.
They know that their hyperlink and attachment have a short shelf-life before threat monitoring flags the new domain as malicious or recognizes the new malware tactic in the downloaded attachment. So, getting you to react quickly is the key to a successful phishing attack. Below is a partial list of the most popular phishing email subjects, using key fear or urgency words, that KnowBe4 has seen in the wild.
Popular Email Phishing Subjects
- SharePoint: Approaching SharePoint Site Storage Limit
- Office 365: Medium-severity alert: Unusual volume of file deletion
- FedEx: Correct address needed for your package delivery on [[current_date_0]]
- USPS: Your digital receipt is ready
- Twitter: Your Twitter account has been locked
- Google: Please Complete the Required Steps
- Cash App: Your Account Has Been Closed
- Coinbase: Important Please Resolve Error Now
Source: KnowBe4
Takeaway: If an email tries to create a sense of urgency or fear about what will happen if you don’t act now, don’t panic; review it before taking any action.
Hovering over the link
Hovering over a link will still assist in catching some of these malicious emails, but not all of them anymore. First, it’s becoming more common to open emails on mobile devices, and this can make it difficult to hover over the link to reveal the URL. Second, bad actors are getting creative when creating domains.
For example, walmart.com looks the same as waImart.com. One of these has a lowercase L, and the other has a capital I.
Review the link’s domain and look for obvious inconsistencies. Let’s say you receive an email from Amazon stating there is an issue with your order, and the hyperlink URL is for Google Drive. It’s not likely that Amazon would send you to Google Drive to review your order.
Takeaway: Even if it appears to be a legitimate hyperlink, be aware of the use of special characters and of bad actors using valid domains to deliver malware and credential stuffing. Don’t rely on hovering alone. If the URL doesn’t match what you’d expect from the sender, don’t click the link or download the attachment; instead, go directly to the provider’s website and enter your details there.
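As an added example that is not part of the original post, the two hover checks above (look-alike characters and a link domain that does not belong to the claimed sender) written as a small Python helper: it takes the domain the email claims to come from and the hovered URL, folds look-alike characters (the capital-I-for-lowercase-L trick, digits, a few Cyrillic letters, "rn" for "m") and reports whether the link domain matches, merely resembles, or is unrelated to the expected domain. The confusables table and the two-label domain rule are simplifying assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed table of characters that read as something else in many fonts;
# the capital I standing in for a lowercase l is the waImart.com case above.
CONFUSABLES = {
    "I": "l", "1": "l", "|": "l", "0": "o", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0443": "y",   # Cyrillic p, c, y
}

def skeleton(host: str) -> str:
    """Reduce a hostname to the shape a reader perceives: strip accents,
    map look-alike characters to their ASCII stand-ins, lowercase the rest,
    and fold the two-letter 'rn' pair that mimics an 'm'."""
    host = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in host if not unicodedata.combining(c))
    mapped = [CONFUSABLES.get(c, CONFUSABLES.get(c.lower(), c.lower())) for c in host]
    return "".join(mapped).replace("rn", "m")

def registered_domain(host: str) -> str:
    """Last two labels of the host. Assumption: good enough for .com-style
    names; production code would consult the public suffix list."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check_link(expected_domain: str, url: str) -> str:
    """Compare the hovered URL's domain with the domain the email claims to
    represent. Returns 'match', 'lookalike' (reads the same, is not the same)
    or 'unrelated' (e.g. an 'Amazon' email that links to Google Drive)."""
    # urlsplit().hostname lowercases, which would hide the I-for-l trick,
    # so take the host out of netloc by hand (drop userinfo and port).
    netloc = urlsplit(url).netloc
    host = netloc.rsplit("@", 1)[-1].split(":")[0]
    try:
        host = host.encode("ascii").decode("idna")  # unwrap xn-- labels
    except UnicodeError:
        pass  # already contains non-ASCII characters; keep as is
    actual = registered_domain(host)
    expected = registered_domain(expected_domain.lower())
    if actual.lower() == expected:
        return "match"
    if skeleton(actual) == skeleton(expected):
        return "lookalike"
    return "unrelated"

if __name__ == "__main__":  # constructed demo; the first pair is the article's case
    for claimed, link in [("walmart.com", "https://waImart.com/login"),
                          ("amazon.com", "https://drive.google.com/file/d/abc")]:
        print(claimed, link, check_link(claimed, link))
```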
Misspellings and bad grammar
Yes, back in the day, most phishing emails could easily be identified by spelling errors, but attackers have stepped up their game. Bad actor tactics are continuously improving, making it difficult to distinguish legitimate emails from phishing emails that attempt to harvest your credentials when you click the link to log in.
Takeaway: Bad actors still often leave misspellings and grammatical errors in their emails. A best practice: if you notice bad grammar or spelling mistakes, don’t download the attachment or click the link.
Enable Macros or Content
The 2019 Verizon Data Breach Investigations Report found that 90% of emailed malware is distributed via macros.
Macros can be found in emailed attachments, such as Office documents like Word or Excel files, that, once opened, display a notification prompting you to click to enable content or enable macros. Once clicked, the macro runs a script that downloads a malware payload, letting bad actors steal or encrypt your data. As noted earlier, these emails usually carry a sense of urgency and appear to come from a trusted source, two ways actors trick you into quickly enabling the content without a second thought.
Takeaway: Should you enable macros? You and your organization may want to think twice and consider a global setting that disables macros without notification.
Sure, hackers can find ways to dig for this information if they infiltrate your inbox, but don’t make it easy for them. Good old-fashioned vigilance and following the easy tips above will help flag suspicious activity so you can take immediate remediation steps.
If you found this article interesting, you might want to check out some of our information here: https://teamascend.com/cybersecurity