Weekly Tip! Creating a Sense of Urgency
We know we are successful when we hear from our team members that they are teaching their friends, family, and acquaintances how to detect phish.
This month our campaign focuses on how attackers seek to create a sense of urgency. We are all human, and we make bad decisions when we are under pressure (it's why stores offer "limited time discounts" and car salesmen pressure you to buy now now now now!). But you know what? Phishers aren't really as bright as you might think - they just know how to reuse what works. One of their favorite tricks is to make you feel pressured to make a decision.
This month's phishing assessment email comes from a real-world attack that's quite personal. You see, my wife AND my son (who work for separate companies) experienced the same attack on the same day. They and their teams received texts and emails purporting to be from their CEOs, which requested that they urgently purchase some online gift cards and send them the codes. My wife was smart and tagged the email as a phish. My son was creative - he tagged the SMS message as a phish, but toyed with the phisher for a while, asking all sorts of dumb questions. In the end, the phishers failed at their efforts.
So how can you tell if an email or a text is a phish? Ask yourself a few questions:
- Is it from someone I know? Don't forget to actually check the return address; it's easy for an attacker to put anything into the "Reply To" field, but more difficult to trick the reply-to email field.
- Was I expecting it? Do you normally receive files from this sender? Are you currently engaged with them in such a way as to expect emails with attachments?
- Does it make sense? If you don't work in Accounting or Accounts Payable, and you receive an email claiming to have an invoice attached, it probably doesn't make sense.
- Do I feel pressured? Even the worst phishers know that creating a sense of urgency on your part makes it more likely that you'll take the bait. Tricks to create urgency include communicating deadlines with stiff penalties for tardiness.
- Does it just look weird? Many phishers fail to 'polish' their tempting treats, and send emails with broken links, missing images, inconsistent fonts, and either poor grammar or nonstandard word choice.
If you see an unexpected email or text, and if you can answer "No" to even just one of the above questions, it's quite likely to be a phish.