A classic ploy for an email attack is to make the message so urgent that you do not think carefully before clicking on the link or opening the attachment.
The article below illustrates this ploy – the email creates a story where the result of not taking action is the loss of your email.
Pretending to be an Outlook Version Update – SANS ISC Diary
Other tactics are:
- The Scare – if you do not do this you will have to pay this fine, lose control of an account, this delivery will not arrive, etc.
- Too Good to be True – this is another classic: I am a UN official, banker, Prince of Grand Fenwick and for a small payment I will send you loads of money. Or: here is your tax rebate, just give me your bank details.
- The Friendly Approach – please complete this business survey – and supply your bank details to pay the P&P on the wonderful free gift we will send you.
- Official – from your bank, tax office, passport office or some other official body – please follow this link to update your details.
These are just a few examples, but remember that all of these emails will probably look (almost) like the real thing.
Here are a few questions you should ask yourself:
- Be observant – is the logo absolutely right?
- Is the email and message laid out in a familiar way?
- Are the spelling and grammar correct?
- Is the salutation correct?
- If you are able to check, are the email addresses and domains/URLs absolutely correct?
If in doubt, do not follow a link from an email. In a new browser window, go directly to the service/organisation website and check the situation out from there.
We run regular online training courses that prepare business leaders and their teams to defend themselves against these and other cyber security threats.
Clive Catton MSc (Cyber Security) – by-line and other articles