Cyber Awareness Training: Beware of Digital Urgency (in Any Form)
At Blue Ridge Technology, we talk a lot about cybersecurity, and we publish about it on this blog regularly, too. Why? Because digital threats are one of the biggest risks that businesses, including our clients, could face.
It’s vitally important to have strong cyber defenses in place (and we’re certainly ready to audit your hardware, network, and software defenses to find any vulnerabilities—just reach out today).
But it’s just as important to train yourself and your employees or teammates on how to be aware of cyber threats. In other words, cyber awareness training is just as valuable as the best firewalls and endpoint protection systems.
That may sound like a bold claim, but it’s true. The most common digital attacks don’t involve bad guys brute-forcing their way through your firewall. They happen because someone on your team makes a mistake.
Your Biggest Cybersecurity Threat Is on Your Payroll
As crazy as it sounds, your biggest cybersecurity threat isn’t some nefarious group of hackers intent on destroying your business. (At least, not directly.)
Your biggest threats are the people you’re paying to keep your business running and growing. Even you yourself could be a threat!
We’re talking about phishing attacks and other social engineering attacks that trick your legitimate employees into willingly (but unwittingly) turning over vital information or credentials to the bad guys.
We’ve written before about phishing schemes on this blog, but today we’re focusing on a specific tactic that shows up in nearly every social engineering scheme: urgency.
Why Urgency Is a Huge Red Flag
The most effective scammers rely on psychological realities as they craft their attacks. They know that urgency spurs people to action — and that it often bypasses critical thinking.
That’s why you get those ridiculous robocalls telling you that the IRS is going to arrest you or trying to get you to “verify” that expensive laptop you “bought” on Amazon. Step back for one second and the scheme is obvious (the IRS doesn’t even have police capabilities). But in the moment, plenty of people fall prey, in part because of the urgency.
The phishing email examples you’re aware of or have seen in your own inbox do the same thing: There’s a problem with your banking information or your Apple ID or your Microsoft business account or some other very important account, and you need to take action NOW to secure it.
Hopefully you and your team are already equipped to detect standard phishing schemes and delete them right away. But now there’s a new approach that’s tricking people even more.
Tick, Tick, Tick
This new phishing attack starts the same way as most: you get an email warning you about a suspicious login attempt or transaction in some crucial account. There’s a link or button to click, of course, and if you click, you end up on a website with a prominent countdown timer.
The page warns you that if you don’t take action to correct the problem, your account will get deleted when the timer runs out.
Of course, if you attempt to log in and fix the problem, boom: the bad guys have stolen your credentials.
Now, as you read this post, we’ve already made you skeptical. You can see straight through it, right? With no real pressure or urgency, it’s easy to reason that no website or account you’ve ever held has legitimately set an account to auto-delete after an hour. That’s just not how anyone does business. Likewise, when you’re not actually worried about losing your account, it’s easy to notice the typos and just-a-little-off graphics in the email or on the page.
But urgency messes with all that. People (intelligent, tech-savvy people, even) get caught up in the urgency and give away their information or credentials.
So to sum up: beware of urgency, especially over email or text. It’s usually a trick of some kind, most often a phishing attempt.
That’s it for this week’s cyber awareness tip. For more, reach out to our team directly. We can secure your systems and train your staff on best practices.