Today, hackers and crackers aren’t always as technically clever as we think they are. Around 99% of email attacks performed today aren’t using a cunning piece of computer code to take control of their victim’s machines. Rather, they rely on a different type of cunning – social engineering.
Social engineering techniques are being used to get email attacks, victims, to willingly click on malicious links. This kind of attack, known as phishing, relies on the victim believing that the email comes from a trusted source. They might impersonate a colleague or a boss, or even a trusted cloud services provider. The user sees the email (which has been carefully crafted to make it look like it comes from the source), and they then willingly click on the link, download the document, complete some other action.
Users are the last line of defense when it comes to phishing attacks. While many phishing attacks are quite well-done these days, they aren’t perfect. A lot of attacks rely on a sense of urgency. If you get a terse email from someone asking you to do something, think for a moment. Does that email ‘sound like’ them? Do they normally email you documents, and if they do, is that filename something they would usually use?
If you’re in any doubt at all, contact the sender another way and ask them if the email is legitimate. You can also contact our professionals for help with cybersecurity.
Remember that the big cloud services providers don’t send unexpected links to their customers, and they won’t ask you to log in after you’ve clicked a link in an email. Again, if you’re unsure, go directly to the provider’s website by typing the address into your browser’s address bar, and log in from there. If the email was about anything important, you’ll have a notification in your account as well.