Phishing attacks continue to be one of the leading cyberattack methods targeting small businesses. With a cyberattack occurring every 36 seconds, hackers are relentlessly trying to steal your company or personal information. One of the ways they collect data is by providing you with a link to click. They are hoping you don’t know the signs and signals that the intent of their request is malicious.
Avoiding Phishing Scams
We’re diving deep to show the process of a phishing scam that uses links that are not secure in order to steal your information and break into your systems. In this article, you’ll learn the anatomy of a phishing scam, what happens when you click on a malicious link, what the hacker will do with your information, alternative solutions to verify the sender’s identity, and steps to take if your device is compromised.
Conducting routine cybersecurity training sessions is important to eliminate a phishing scam’s potential impact on your business. Educating your staff lets your business get ahead of the threat by quickly spotting and reporting phishing activity they might come across. Feel free to use the information below as a training tool for your employees so they can remain vigilant against phishing attacks throughout their workday.
Anatomy of phishing scams, including links
Usually, when a hacker tries to bait you with a malicious link, they’ll send what looks like a trustworthy message from a legitimate company encouraging you to click the link. Acting as a company you have an account with, a coworker, or an HR representative, the hacker manipulates you into thinking you could miss a paycheck, lose paid vacation, or, ironically, that your account has been breached. Often a sense of urgency is used, although occasionally, it’s simply a crazy topic you click to learn more about.
The structure of a phishing scam is often the same across the board. But the method in which you might receive the phishing scam, such as your inbox or a direct message, could change the message. Take a look at how this works.
[Screenshot taken from KnowBe4, arrows included by CoreTech]
Here is a classic phishing scam from a hacker baiting you to click on the links conveniently provided. This hacker is pretending to be PayPal, but you could also receive emails from Amazon, Google, Microsoft, or any other easily recognizable company.
You’ll notice PayPal’s logo is the first thing you see when opening the email, placed there to establish credibility immediately. If you don’t have a PayPal account, that is an instant red flag. On the other hand, if you have an active PayPal account, including one you rarely use, you may not notice the signs and assume this is a legitimate email. Emails from other companies may also include branded footers for additional trust.
If you look closely at the sender’s address in the screenshot, the company name is misspelled. PayPal, or any other large organization, wouldn’t misspell its own name, especially when contacting a customer about their account. Legitimate companies may also send from “No Reply” addresses, so still check those for spelling errors and incorrect details before trusting the sender’s identity.
Attention Grabbing Headline
Next, you’ll notice the “Response required” section bolded and in bright blue to grab your attention. This is to set off alarm bells that something is wrong, even if you don’t know the problem. The trigger is meant to blind you from noticing other mistakes that would tell you that this email is malicious.
Further down, the hacker gave two links for the recipient to click on. Like many emails across your screen, they’re hyperlinked to keep the message clean and short. Of course, hackers take advantage of your busy day, banking on the fact that you won’t check to see if the URL is harmful before clicking.
These are just a few indicators illustrating someone trying to reel you into a phishing scam in an email. While the rest of the messaging seemed straightforward and clear, remember their goal was to replicate an email that resembled a real one. They wanted to be direct enough to promote an action without being too pushy to set off mental alarm bells.
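The sender-side signs called out above (a display name that claims a brand while the address belongs to some other domain, a reply address that differs from the sender, and urgency language in the subject) can be checked mechanically before anyone is asked to judge the message by eye. The script below is an added example and is not CoreTech’s tooling or anything from the screenshot; the sample messages, the domains (all under the reserved `.example` TLD) and the brand-to-domain table are constructed for illustration.

```python
"""Inspect the headers of an e-mail for the sender-side phishing indicators
discussed above. Added example code; not CoreTech's tooling. The sample messages
below are constructed and every domain is hypothetical (.example is reserved)."""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical brand -> legitimate sending domains table (assumption; a real
# deployment would load this from a maintained allow-list).
BRAND_DOMAINS = {
    "paypal": {"paypal.example"},
}

# Phrases that are typical of the "something is wrong, act now" hook.
URGENCY_TERMS = ("response required", "urgent", "immediately", "suspended",
                 "verify your account", "action required")

# Constructed messages: one modelled on the scam above, one that looks benign.
SAMPLE_PHISH = """\
From: "PayPal Service" <no-reply@paypa1-secure.example>
Reply-To: <recovery@mailbox-relay.example>
To: you@yourcompany.example
Subject: Response required: unusual activity on your account

Please review the activity below.
"""

SAMPLE_LEGIT = """\
From: "PayPal" <service@paypal.example>
To: you@yourcompany.example
Subject: Your monthly statement is ready

Your statement is attached.
"""


def sender_parts(header_value):
    """Return (display_name, address, domain) for a From/Reply-To header value."""
    name, addr = parseaddr(header_value or "")
    domain = addr.rpartition("@")[2].lower()
    return name, addr.lower(), domain


def header_flags(raw_message):
    """Return a list of human-readable red flags found in the message headers."""
    msg = message_from_string(raw_message)
    flags = []

    name, _addr, domain = sender_parts(msg.get("From"))
    # A display name or domain that invokes a brand while the address is not
    # on one of that brand's known sending domains.
    for brand, good_domains in BRAND_DOMAINS.items():
        claims_brand = brand in name.lower() or brand in domain
        if claims_brand and domain not in good_domains:
            flags.append(f"From claims {brand!r} but address domain is {domain!r}")

    # A Reply-To that routes answers somewhere other than the From domain.
    _, reply_addr, reply_domain = sender_parts(msg.get("Reply-To"))
    if reply_addr and reply_domain != domain:
        flags.append(f"Reply-To domain {reply_domain!r} differs from From domain {domain!r}")

    # Urgency language in the subject line.
    subject = (msg.get("Subject") or "").lower()
    hits = [term for term in URGENCY_TERMS if term in subject]
    if hits:
        flags.append(f"Urgency language in subject: {hits}")
    return flags


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, header_flags(sample) or "no flags")
```

Run as a script it prints three flags for the constructed scam and none for the benign message. The brand table is the part that needs care in practice: a display-name check is only as good as the list of domains a brand really sends from, so keep that list maintained rather than hard-coded.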
Direct Messages (DM)
[Screenshot from KnowBe4, arrows included by CoreTech]
Similar to the email example above, the sender’s information seems slightly off. While they claim to be from Wells Fargo, their subtitle is long and irrelevant to the company. If you look at Wells Fargo’s actual profile, they are only listed as “Financial Services.” The hacker also includes a title, “Secure Your Wells Fargo Online Key,” to show that this is an important message you need to pay attention to and respond to quickly.
Is the Message Accurate?
In the body of the message, they make the mistake of calling it an “email” rather than stating something like, “We’re contacting you to safeguard….” Hackers usually send out several messages at once, so they often forget to customize their content.
HTTP vs HTTPS
This DM shows the full link, though some messages hide it behind hyperlinked text, as in the email example. Look closely at the beginning of the URL: it starts with HTTP rather than HTTPS. That is a red flag that the link leads to an unsafe, malicious website. Note that the reverse does not hold: HTTPS only means the connection is encrypted, and a phishing site can obtain a certificate just as easily as anyone else, so the domain name itself still has to be checked.
Look at More Than The Profile Picture
The direct message doesn’t have a logo, which is normal. But the profile photo lacks Wells Fargo’s iconic profile picture and is kept blank. Not all DMs will be like this; some might include an old profile photo or the current one that looks slightly different than the original. They might copy the profile picture altogether, so you must rely on the other signs to indicate the message’s legitimacy.
If there is a security concern with your account, the company will not contact you over social media but through email to let you know what needs to happen with your account. Then, look for the signs we pointed out in the PayPal example above.
What happens when you click on a link?
Unfortunately, we make mistakes. Sometimes the hacker fools us, so we click on the link in a text, email, or DM. Depending on the attack, the link will take you to an unsafe site, typically resembling the website you intended to connect to.
What can occur when you click a link?
- Stolen information: the attacker automatically receives data about your device or your location
- Compromised network: the hacker could gain remote access to your computer
- Drive-by download: while you’re on the website, malware is downloaded onto your computer without your knowledge, infecting the device and stealing confidential data
- URL injections: the hacker embeds malicious URLs in a web page, injecting code into your PC that redirects you to other malicious sites
How do phishers use your information?
A hacker’s goal is to steal as much data from you as they can. The more information they collect, the higher the eventual payday, meaning the attack doesn’t stop after you’ve clicked on the link in an email, text, or DM.
If the malicious link takes you to a login page and you enter your credentials, the hacker will try that username and password on other accounts you hold to gain access. If you reuse the password on other web pages, those accounts will also be compromised. On the other hand, using unique, phrase-like passwords with unique characters will prevent the hacker from breaking into more accounts.
The attacker will try to access your medical, financial, and social security information with the stolen login credentials. If you have multi-factor authentication enabled, which we hope you do, they will try to work around it by flooding your authentication app with prompts until you approve one, also known as MFA fatigue. A burst of prompts you did not request is your opportunity to deny them all, stop the hacker from taking any more information, and report the attack.
Another route they might take is exploiting your contact list. If they can access your device remotely, they will impersonate you to your colleagues and friends by sending phishing scams to their inboxes, DMs, and even text messages. Because it appears to come directly from you, the chances of the recipient seeing the message as malicious are small, allowing the hackers’ phishing schemes to branch out even further.
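The MFA fatigue pattern described above is visible in authentication logs: one user receives a burst of push prompts in a short window, and the burst often ends with an approval. The detection below is an added example, not CoreTech’s code or any vendor’s rule; the log format (`timestamp user event`) and the log lines are constructed, and the threshold and window are assumptions to tune against your own identity provider’s logs.

```python
"""Flag users who received a burst of MFA push prompts (the MFA-fatigue pattern)
from authentication log lines. Added example; the log format and every line in
SAMPLE_LOG are constructed, and the default threshold/window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed lines in a hypothetical "timestamp user push_event" format.
# alice is prompted six times in under three minutes and finally approves;
# bob gets one prompt and approves it, which is a normal login.
SAMPLE_LOG = """\
2024-03-04T09:00:02Z alice push_sent
2024-03-04T09:00:20Z alice push_denied
2024-03-04T09:00:35Z alice push_sent
2024-03-04T09:00:50Z alice push_timeout
2024-03-04T09:01:10Z alice push_sent
2024-03-04T09:01:25Z alice push_denied
2024-03-04T09:01:40Z alice push_sent
2024-03-04T09:02:05Z bob push_sent
2024-03-04T09:02:12Z bob push_approved
2024-03-04T09:02:15Z alice push_sent
2024-03-04T09:02:48Z alice push_sent
2024-03-04T09:03:01Z alice push_approved
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(push_\w+)$")


def parse_lines(text):
    """Parse log text into a time-sorted list of (timestamp, user, event)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines rather than failing
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m.group(2), m.group(3)))
    events.sort()
    return events


def find_push_bursts(text, max_prompts=5, window=timedelta(minutes=10)):
    """Return {user: {"prompts": n, "approved_after_burst": bool}} for every user
    who received at least max_prompts push prompts inside one sliding window."""
    sent = defaultdict(list)
    approved = defaultdict(list)
    for ts, user, event in parse_lines(text):
        if event == "push_sent":
            sent[user].append(ts)
        elif event == "push_approved":
            approved[user].append(ts)

    findings = {}
    for user, times in sent.items():
        start = 0
        for end, ts in enumerate(times):
            # Slide the window start forward until it covers at most `window`.
            while ts - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= max_prompts:
                burst_end = ts
                # An approval shortly after the burst is the worst case: the
                # user may have tapped "approve" just to make the prompts stop.
                was_approved = any(burst_end <= a <= burst_end + window
                                   for a in approved[user])
                findings[user] = {"prompts": count, "approved_after_burst": was_approved}
    return findings


if __name__ == "__main__":
    for user, detail in find_push_bursts(SAMPLE_LOG).items():
        print(f"{user}: {detail['prompts']} prompts, approved after burst: "
              f"{detail['approved_after_burst']}")
```

A finding with `approved_after_burst` set is the one to act on first: treat the session as compromised, reset the credential, and revoke the MFA enrolment until the user is reached out of band. Number-matching or verified push, where the user must type a code shown on the login screen, removes the "approve to make it stop" option entirely.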
Hackers can also sell your information on the dark web to other cybercriminals. The buyers will then breach your accounts to find private data they can use to sell or exploit. It’s an ongoing cycle where you are continuously taken advantage of.
Instead of clicking on the link…
As stated earlier, sometimes you want to click on the link on the off chance the message is accurate, and your private information could be in danger. But there are alternative and safe solutions to verifying an email or direct message’s legitimacy without putting you at risk:
- Use your mouse to hover over the link to see where it really goes before clicking. Remember, HTTP means the connection is not secure, while HTTPS indicates an encrypted connection; since a phishing site can use HTTPS too, also confirm that the domain in the link is the company’s real one. Hovering isn’t possible on a phone, so verify the sender’s identity first.
- Go to your account without using the link and check for suspicious activity. If you see a sign-in or activity that wasn’t you, report it immediately and change your password.
- If you are contacted by someone you know, connect with them directly to confirm their identity by calling or talking to them face-to-face.
- Talk to your IT partner to have them scan the email for malicious content.
If malware is found, report the email so your IT service provider can block the sender from contacting you again.
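The hover check from the first bullet above, and the HTTP-versus-HTTPS check from the Wells Fargo example, can be run over an HTML message body instead of link by link with a mouse. The script below is an added example, not the post’s own material or CoreTech’s tooling: it pulls every anchor out of a constructed HTML body and reports links that use plain HTTP, point at a bare IP address, or display one domain in the visible text while going to another. The `.example` domains and the `203.0.113.7` address are reserved documentation values, not real sites.

```python
"""Programmatic version of 'hover over the link before clicking': extract each
anchor from an HTML e-mail body and report why it should not be trusted.
Added example, not code from the original post; the sample HTML is constructed
and uses reserved .example domains and the TEST-NET-3 address 203.0.113.7."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed body: one link to a bare IP over plain HTTP, one whose visible
# text shows the real brand domain but whose href goes elsewhere, and one
# ordinary link with matching text and destination.
SAMPLE_HTML = """
<p>Response required. <a href="http://203.0.113.7/login">Log in to your account</a>
to confirm your details, or visit
<a href="https://paypa1-secure.example/verify">https://www.paypal.example/verify</a>.</p>
<p>Questions? See our <a href="https://www.paypal.example/help">Help Center</a>.</p>
"""

# A domain-looking token inside the visible link text, e.g. "www.paypal.example".
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9][a-z0-9.-]*\.[a-z]{2,})", re.I)


class AnchorCollector(HTMLParser):
    """Collect (visible_text, href) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def domain_in_text(text):
    """Return the first domain-like token in the visible text, lower-cased, or ''."""
    m = DOMAIN_RE.search(text)
    return m.group(1).lower() if m else ""


def registered_domain(host):
    """Last two labels of a host. Simplification: multi-label public suffixes
    such as co.uk are not handled; use a public-suffix list in production."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def is_ip_literal(host):
    """True when the host part of a URL is a raw IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def link_flags(html_body):
    """Return {href: [reasons]} for every anchor that shows a red flag."""
    parser = AnchorCollector()
    parser.feed(html_body)
    report = {}
    for text, href in parser.links:
        reasons = []
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if parts.scheme == "http":
            reasons.append("plain HTTP, not HTTPS")
        if is_ip_literal(host):
            reasons.append("destination is a bare IP address")
        # The hover check: visible text names a domain that is not the one
        # the link actually goes to.
        shown = domain_in_text(text)
        if shown and registered_domain(shown) != registered_domain(host):
            reasons.append(f"text shows {shown!r} but link goes to {host!r}")
        if reasons:
            report[href] = reasons
    return report


if __name__ == "__main__":
    for href, reasons in link_flags(SAMPLE_HTML).items():
        print(href, "->", "; ".join(reasons))
```

The first two links in the sample are reported and the Help Center link is not. The text-versus-destination comparison is the check a hover performs; the registered-domain helper is deliberately simple, and anyone deploying this should swap in a public-suffix-aware comparison so that a link to `example.co.uk` is not judged by its last two labels alone.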
What if your account has been hacked?
If your account has been compromised, disconnect your device from the internet and all other networks, preventing the malware from spreading to synchronized devices. Notify your technology service provider and your department head so action can be taken to remove the malware and block the virus from expanding further. Quickly reset your passwords and wait for further guidance from IT support.
You may also want to communicate with your friends and family about any strange emails they may receive in the future, so they are alert to potential phishing scams.
You’ve got bigger phish to fry.
The consequences of a breach could result in a damaged reputation, increased downtime, and loss of revenue, none of which your small to midsize business wants to experience. Partnering with a managed service provider provides the expertise, training, and peace of mind you need to keep your business running, even if a link does, unfortunately, get clicked.
CoreTech offers robust, multi-layered IT security and cybersecurity training for staff, which minimizes the chance they will click on a phishing link. Book an appointment with us today and build your business IT security stronger than ever.