Costly clicks – beware of phishing links

Part 3: 5 phishing tactics threatening UK Businesses

Welcome back to our series of blog posts focussing on phishing, a method of social engineering that costs UK businesses millions of pounds every year.

In our first post we looked at CEO Fraud. In the second we shared examples of phishing emails with malicious attachments.

Staying on the topic of malicious software, this post looks at phishing emails containing a link which, if clicked, installs malware. 

The tactics used by cyber criminals can be ingenious.

For example, there is a rise in watering hole attacks. Hackers identify the most popular websites used by their target groups. By infecting those sites, the hackers gain access to the computers and company networks of those visiting the sites.  Essentially, the hackers hide behind reputable websites, manipulating visitors’ trust in them.

Phishing emails with malicious links are blasted out in their millions and represent a significant danger to UK businesses.

In the absence of good awareness training, the law of averages dictates that sooner or later, an employee in your company will click on a rogue link, unleashing potentially damaging malware.

It’s not always the case that clicking on a link installs the malware (unless the recipient’s browser is set to automatically trust and run code from all websites). But often the link will appear to go nowhere, causing the user to continue clicking. Then, once the user accesses the site from an internal request, the malware begins its download.

Fortunately, it’s relatively easy to spot a malicious link.  Simply hovering over the link will reveal the true nature of the URL.




Even so, cyber criminals are finding innovative ways to convince recipients to click without thinking, helped by spoofed ‘from’ email addresses, messages urging immediate action and convincing branding.

In some instances, even the URLs themselves appear authentic.

In a case studied by Trend Micro earlier this year, rogue job application emails were found to include links to a Dropbox storage location. The location ostensibly linked to a job applicant’s CV, but instead connected to a self-extracting executable file, unleashing a Trojan into the recipient’s system.

How to stop your staff clicking malicious links

  • Provide regular awareness training
  • Simulate a targeted phishing attack with PhishAware
  • Use the results to understand which departments and locations within your business are most at risk
