Have you noticed how young children love to click on buttons? There are loads of tempting opportunities in lifts, on zebra crossings, on parking meters and of course a veritable overload of buttons waiting to be pressed at the Science Museum and other interactive exhibitions.

Perhaps you never lose that curiosity to see what happens if you just “click here”. Certainly, cybercriminals are banking on your doing just that!

  • Have you wondered why a hacker would bother to try and trick you into clicking on an email link?
  • Do you reckon you wouldn’t fall for such a scam?
  • What harm would you come to anyway if you did click on the link?

Cybercriminals have been more active than ever this year. The combination of government initiatives and product offers to help during lockdown (which you have to sign up for) and the fact that a large number of computer users are isolated, either working from home or in deserted offices, have meant that plausible emails are appearing in your inbox precisely when you have no sounding board from colleagues to discuss these with.

I thought you might find it helpful to learn what actually happened in a real case we have seen recently.

The first thing to note is that it is often easier to spot a dodgy email on a computer – you can hover your mouse over the link and see if the true destination matches the stated address. It’s not so simple on a phone, especially when an email appears to come from a sender you have been expecting to hear from. Before you know it, the link is clicked and the hacker is unleashed!

So, what happens when you “click here”?

The cybercriminal’s goal in the recent example was to get you to divulge your username and password.

You are told to log in to your Microsoft account to get access to a document.

If you have no additional security (MFA – multi factor authentication – for example), the password will give instant access to your emails.

If you use the same password to access other sites, the hacker now has the keys to your kingdom.

The hacker can now send out emails to your contacts using your email system with your email signature – it will look realistic because it IS your real email account. The only things that can still appear dodgy are the writing style and the subject matter.

What if someone replies to one of these emails? You don’t get to see the reply in your inbox as rules have been put in place to direct responses into your deleted items. The hacker can interact with your contacts without your being aware of anything going on.

What do these emails say?

They could simply be an attempt to harvest yet more user credentials – username and passwords – from your contacts or they could be more blatant requests for money, telling recipients of your invoices that the company bank account details have changed, for example.

We saw an attack in action recently, and people questioning the instructions they had received by email were given assurances that they should follow the instructions emailed to them. Our new customer only discovered the awful truth when one of the victim’s contacts became suspicious and picked up the phone to check if our customer had actually sent it.

If you are under attack, what should you do?

  • Change your password immediately, ideally to something unique and complex.
  • Add extra layers of security to your emails so that login is not possible with just a password.
  • Turn on the audit log (amazingly, this is not turned on by default).
  • If the audit log was in place, you can check account activity.
  • Warn your contacts that your emails have been hacked.
  • Inform the Information Commissioner about the data breach (GDPR).
  • Consider setting up a spam filter to stop the dodgy emails hitting your inbox in the first place.

Another variant of email attack is known as CEO fraud. The hacker still infiltrates the email system, but the messages are directed to colleagues, encouraging them to make urgent payments. You can learn more in our blog based on Little Red Riding Hood and the Big Bad Wolf – CLICK HERE if you dare! I promise the link is safe.

Stay safe

Cybercriminals are a constant threat, and no security can protect you 100%. Education will go a long way to putting everyone on their guard; I hope that this blog has helped you to understand the mechanics of an attack.

If you suspect you are under attack, please call Computer Troubleshooters for help – 01732 300064.

If you would like to beef up your defenses, we are here to help too.