Did you know that 20% of the workforce is likely to click on a phishing link? From there, over two-thirds will input their private information into the fraudulent website where they land. That’s a HUGE amount of data breaches caused by human error! These can be easily prevented by recalling your Security Awareness Training, but that’s not as simple as it seems.
When threat actors are devising their plan of attack, they often study their target organization or individual first, so as to deliver more plausible falsehoods and entrap more victims. For example, a hacker might do preliminary surveillance to find out when you do bank deposits and where, so that they can more realistically pose as your service provider and coerce money transfers or financial accounts from you. Once they’ve crafted a viable ruse, they often send out false messages pressuring you to act fast and click on a provided hyperlink to solve the purported issue.
STOP RIGHT THERE!
Before you click on it, you need to assess if it is from a reliable source or part of a criminal scheme to steal your private data.
The Truth About Suspicious Links
It can be difficult to tell whether certain messaging are a scam or not. While some spam is easily identifiable by its rampant spelling errors and outright lies, other hackers will go to great lengths to disguise themselves as your boss asking for account verification, or a service asking you to secure an existing account. In 2021, phishing messages were most likely to contain subject lines like…
- Odd activity on your account
- Remote Working Satisfaction Survey
- Upcoming Changes (usually to your account or our policies, etc.)
- Your access has been temporarily disabled…
The goal is to convince you to click the link they provide in the message to solve the problem as quickly as possible – when really the threat actor has already set up a fake landing page to capture your login credentials. They try to engender panic, anger, excitement or some other pressing emotion so that you act without thinking too hard about the risks.
Unmasking the Danger
Even if you feel compelled to act on the message, or you aren’t sure if it’s legitimate (even real accounts can be hacked, after all!), there a few ways to check what’s on the other end of a hyperlink WITHOUT clicking on it. Some websites deliver drive-by malware just by landing on the homepage, so you don’t want to proceed before finding out where it leads.
- Hyperlinks can look like anything; you can have a link that says Covergirl.com but it really leads to Google
- If you hover your mouse over a link, but don’t click, then a popup should appear after a moment showing the full URL
- Alternatively, you can right-click links to copy the source URL and then paste it into a new tab, without hitting the search button
- Check to see where it’s really redirecting you before you search!
This will DRASTICALLY reduce the number of hackers who breach the network or steal personally identifiable information (PII). Other signs that you’re looking at a phishing message include minor inconsistencies in the domain of the sender (i.e. appie.com instead of apple.com); if they don’t address you by name or mention any specifics; and unfamiliar people CC’d on the email.
Did you know? The brands most commonly faked by phishers are Microsoft, LinkedIn and Amazon.
Conclusion
This is why your annual Security Awareness Training is so important, and so is keeping up with the latest threats to your job position! Cybercriminals are always looking for new ways to deceive you into handing over your information, or even just dropping your guard low and long enough to mistakenly allow them access to confidential data. It’s important, not only to pay attention during your Awareness Training, but subsequently to refresh your knowledge of cybersecurity defense tactics so you remain prepared whether your official Training and Compliance Assessments took place last week or eleven months ago!
Take control of your cyber-safety, and the security of all the private information on your home and work networks, by being careful where you click. When human error accounts for 95% of data breaches, added caution and investigation really does protect your systems from hackers. Reading this blog is a great first step toward better security, every time you log online.
References