Never Act Urgently: How to Train Your Employees on Phishing Schemes
Phishing schemes are dangerous. They tug at our heartstrings.
Not you, you might think, and that's fair enough. Most of us have become immune to badly written stories from Nigerian princes or someone we don't know asking for help. They still work, of course, even if they don't work on you. All it takes is 1% of people responding (0.01% of people if a malicious actor has a big enough list) and they're in business.
But more modern phishing schemes don't try to target people's goodwill or sympathy. They rarely even try to target greed. Instead, they aim for fear. While bots and antimalware programs are getting better, they can't catch everything, and that means your company's employees have to be watchful. Here is one of the most common fear-based triggers in phishing schemes that your company needs to have a policy on:
The urgent third-party alert:
Everyone's gotten an email like this, and sometimes it's legitimate. You'll receive an email saying that there's been some sort of activity (usually linked to a bank account) and that you need to resolve it. They may even throw in a helpful confirmation link that only lasts for twenty-hours.
On legitimate emails, the short time frame is so there isn't a long-lasting hole into your account's security.
But on phishing schemes, the deadline is to fill you with urgency and make the recipient act more quickly than reasonably. And that helpful link goes to a mirror site where you'll be asked for your login and password before they can even begin to explain the real problem.
Whenever one of these phishing emails makes it into a corporate inbox, the recipients need to focus on two things:
- Urgent problems don't develop over email. If there's not a phone call, it can wait to be vetted and investigated.
- Never use the helpful link. This policy will fly in the face of human behavior, but it's important that the recipient opens a new tab and types in the domain without using the link in an external email.
Phishing schemes use emotion to drive careless action and responses. In office settings, the easiest way to do that is with urgency and fear.
For more ways to sync up your programs and policies against malware, call our team today on 1800 folio1.