Phishing scams are one of the biggest security threats to your business right now.
A massive 83% of organizations said they suffered successful attacks last year. And with just under a third of phishing emails being opened, the chances that someone in your business will be fooled are high.
But to make matters more difficult, cybercriminals have borrowed a technique from ransomware groups designed to panic people into acting and giving away their login details.
This new kind of phishing attack begins like most others
You get an email alerting you to potentially suspicious activity on your account. It might say someone is trying to log in from a different location or device, and the attempt has been blocked.
You’re then asked to click a link to verify your email address and password.
That’s concerning enough.
But the countdown timer on the screen is what makes this phishing attack even more dangerous.
Typically, it’s set at one hour, and you’re asked to confirm your details before the countdown ends. Otherwise, your account will be deleted.
Yes, deleted! That catches a lot of people’s attention.
This powerful manipulation tactic is designed to scare people into taking immediate action – and think later.
In reality, if that countdown hits zero, nothing will happen.
But watching the seconds count down can give you a sense of urgency that makes you forget to check whether an email is a real deal or not.
The page you’re entering your details on is fake. Criminals will steal your details and log in to your real account. That’s a significant problem you never want your business to face.
You’ll be at risk of data theft, financial loss, or malware and potentially putting other accounts at risk (if you’ve reused your password).
Your login details may even be sold on the dark web, allowing other cybercriminals to break into your account.
Here are some basic phishing protections for you and your team.
Look at the email address the email was sent from. Make sure the spelling and grammar are correct, and hover over links to see what website address they are trying to send you.
You must change your login details immediately if you think you’ve fallen for this kind of scam. Don’t click a link in an email – type in the website address in your browser.
We also recommend using a password manager. This software creates long and robust random passwords that are impossible to guess for every account.
It will store these passwords for you. And autofill login boxes to save you time (yes, password managers detect when they’re being asked to fill in details on a different page, such as a fake phishing page).
Share this article with your whole team right now. And if anyone ever clicks a link they’re unsure about, ask us how to keep your business safe.