Costly clicks – beware of phishing links
Part 3: 5 phishing tactics threatening UK Businesses
Welcome back to our series of blog posts focussing on phishing, a method of social engineering costing UK businesses £ millions every year.
Staying on the topic of malicious software, this post looks at phishing emails containing a link which, if clicked, installs malware.
The tactics used by cyber criminals can be ingenious.
For example, there is a rise in watering hole attacks. Hackers identify the most popular websites used by their target groups. By infecting those sites, the hackers gain access to the computers and company networks of those visiting the sites. Essentially, the hackers hide behind reputable websites, manipulating visitors’ trust in them.
Phishing emails with malicious links are blasted out in their millions and represent a significant danger to UK businesses.
In the absence of good awareness training, the law of averages dictates that sooner or later, an employee in your company will click on a rogue link, unleashing potentially damaging malware.
It’s not always the case that clicking on a link installs the malware (unless the recipient’s browser is set to automatically trust and run code from all websites). But often the link will appear to go nowhere, causing the user to continue clicking. Then, once the user accesses the site from an internal request, the malware begins its download.
Fortunately, it’s relatively easy to spot a malicious link. Simply hovering over the link will reveal the true nature of the URL.
Want to check how good your organisation’s security is? Click here.
Even so, cyber criminals are finding innovative ways to convince recipients to click without thinking – helped by spoofing ‘from’ email addresses urging immediate action and with convincing branding in the message.
In some instances, even the URLs themselves appear authentic.
In a case studied by Trend Micro earlier this year, rogue job application emails were found to include links to a Dropbox storage location. The location ostensibly linked to a job applicant’s CV, but instead connected to a self-extracting executable file, unleashing a Trojan into the recipient’s system.
How to stop your staff clicking malicious links
- Provide regular awareness training
- Simulate a targeted phishing attack with PhishAware
- Use the results to understand which departments and locations within your business are most at risk
Learn more about PhishAware
Receive the full infographic of the 5 hot trends in phishing tactics here:
Want to know more? Get in touch with one of our experts today