Always Stop and Think

If you are under pressure to take urgent action – stop and think..

Phishing scams are one of the biggest security threats to your business right now. A massive 83% of organisations said they suffered successful attacks last year, and, with just under a third of phishing emails being opened, the chances that someone in your business will be fooled are high.

To make matters more difficult, cyber criminals have borrowed a technique from ransomware groups that is designed to panic people into taking action and giving away their log in details. This new kind of phishing attack begins like most others.

You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to login from a different location or device and the attempt has been blocked.

You are then asked to click a link to verify your email address and password. That’s worrying enough, right? But what makes this phishing attack even more dangerous, is the countdown timer that appears on the screen.

Typically this countdown is set at an hour and you are asked to confirm your login details before the countdown ends, otherwise your account will be deleted. Yes, deleted! This is what catches a lot of peoples attention.

This is a powerful manipulation technique that is designed to scare people into taking immediate action and thinking later.

In reality, if that countdown timer hits zero, nothing will happen. However, watching the seconds countdown can give you a real sense of urgency and emergency that makes you forget to check whether an email is the real deal or not.

The page you are entering your details into is fake. Criminals will steal your details and login to your real account. That is a major problem you don’t ever want your business to face. You will be at risk of data theft, financial loss or malware. As well as potentially putting other accounts at risk (if you have reused your password).

Your login details may even be sold on the dark web, giving other cybercriminals the opportunity to break into your account.

Here are some basic phishing protections for you and your team:

Look at the email address the email was sent from. Make sure the spelling and grammar are both correct. Hover over links to see what website address they are trying to send you to.

If you think you have fallen for this kind of scam, it is important that you change your login details immediately. Do not click a link in an email – type the website address into your browser to make sure you are going to the real website.

We would also recommend a password manager. This is a software that creates long and strong random passwords that are impossible to guess for every account you have. It will store these passwords for you and autofill login boxes to save you time – don’t worry, password managers can detect when they are being asked to fill in details on a fake phishing page!

If you give your people this training, it could save your business. If you would like more training or any advice please get in contact. We would love to help.