Phishing Attacks: Here’s How They Hook You
Odds are, everyone in your workplace has been warned about opening suspicious-looking emails. You probably know that clicking a link in a malicious email can open your company’s network up to a data breach or some other kind of network attack. Word gets around.
Even so, these attacks—known as “phishing”—continue, and they often work. Someone sends you an email and includes a link that could end up compromising your company if just one employee clicks on it or provides the sensitive information sought.
If everyone’s guard is up, how do malicious actors entice you to click on the link? Here are a few common tactics:
The email seems to be from an authoritative source: Most employees probably pay attention when the boss sends an email. That’s why one common phishing attack is to send an email that looks as though it is from your boss, or a co-worker, or an organization you do business with. Maybe it’s an invitation to an online meeting, and you are asked to log in via your Google account. Do so, and guess what? You’ve just opened up your Google account to hackers. Or maybe you are given a link to click, and that opens up your network to an attack. Make certain that email really is from a trusted source before you click on a link or share information.
The email seems urgent: One way to get people to bite on something is to make it seem like they had better do so, or else. Offers made “for a limited time only” might prompt you to act before thinking. A link from your boss with an urgent deadline might entice you to click first, think later. A warning that “immediate action is required” might overcome your sense of wariness. It is always safer to think before acting.
Everyone is doing it: One way to make an email or social media account seem safe is to include names of people you know. If a Facebook account seems to have been “liked” by a lot of your friends, you may be psychologically more likely to accept it as safe. If an email mentions someone you know, it might have the same effect.
Hey, it’s free: If someone gives you something, you might feel the need to give them something back. A hacker might send you something like a gift code or a free music download or a coupon and ask that you click a link and answer a brief survey or some such thing. The next thing you know, you’re hacked.
It’s easy to get caught up in work and respond to an email in a hurry, before you’ve had time to think. Phishers rely on that, so don’t do it. Trust us, your boss would rather wait a little longer for you to reply to an email than have to call a data breach response team.
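As an added illustration (not part of the original post), here is how a mail filter might check for three of the tactics above: a false authoritative sender, urgent wording, and a free offer, plus a link that leaves your own domain. The trusted domain, phrase lists, flag names and sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: your own mail domain and phrase lists.
TRUSTED = {"example.com"}
URGENCY = ("immediate action is required", "for a limited time only", "urgent")
LURES = re.compile(r"\b(free|gift code|coupon)\b")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def phishing_flags(raw):
    """Return the warning signs found in one raw email, in check order."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    flags = []
    if not trusted(from_dom):
        flags.append("external-sender")
        # Authority: display name uses the organisation's name, address does not.
        if any(d.split(".")[0] in name.lower() for d in TRUSTED):
            flags.append("display-name-impersonation")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        flags.append("reply-to-mismatch")
    if any(p in text for p in URGENCY):
        flags.append("urgency")
    if LURES.search(text):
        flags.append("free-offer")
    if any(not trusted(h) for h in re.findall(r"https?://([^/\s]+)", text)):
        flags.append("untrusted-link")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "Example Corp CEO" <ceo@examp1e-mail.test>\n'
    "Reply-To: payments@collect.test\n"
    "Subject: Urgent: immediate action is required\n\n"
    "Log in at http://login.examp1e-mail.test/meeting for your free gift code.\n"
)
BENIGN = (
    'From: "Pat Lee" <pat@example.com>\n'
    "Subject: Notes from Tuesday\n\n"
    "Slides are at https://intranet.example.com/slides\n"
)

if __name__ == "__main__":
    print(phishing_flags(SUSPICIOUS))
    print(phishing_flags(BENIGN))
```

Flags like these are prompts to slow down and verify the sender, not proof of an attack; legitimate external mail will trip some of them.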
DISCLAIMER: This blog is designed for informational and educational purposes only. It does not constitute legal advice and is not intended to create an attorney-client relationship. Further, your use of this blog does not create an attorney-client relationship. Online readers should not act upon any information presented on this blog without first seeking professional legal counsel. Legal advice cannot be provided without full consideration of all relevant information relating to one’s individual situation. For specific, technical, or legal advice on the information provided and related topics, please contact the author. The author apologizes for any factual or other errors in this blog. If you believe that some content is inaccurate, false, disparaging, slanderous, libelous, or defamatory, please contact the author directly at (StevenG.@digitalforensics.com). Information herein is provided on an “as is” or “as available” basis; we make no warranty of any kind to you regarding the information provided and disclaim any liability for damages from use of the blog or its content.