Phishing Attempts on the Rise

An image of a person fishing using a large red exclamation point as bait, to demonstrate how phishing e-mails use urgency to entice reactions.

Phishing (pronounced exactly like “fishing”) is when a bad actor sends out some bait into the cyber world in hopes of convincing a victim to bite. Once the victim is “on the hook”, the bad actor does everything they can to reel them in and make a profit before disappearing. The bait often takes the form of some sort of communication that creates a sense of urgency in the victim. The initial bait doesn’t always include a payment, sometimes they just want you to click a link or make contact. They just need an initial hook so they can work on reeling you in.

Some common baits include:

The IRS will seize your assets in 24 hours unless you click this link…
We have video from your webcam showing some embarrassing moments, send us money now or we’ll publish them to your friends.
We’ve been trying to get in touch with you about a large sum of money left to you by a distant relative. If we don’t hear from you in 12 hours, the money will be forfeited.
We’ve noticed suspicious activity on your (Amazon Account, Credit Card, Bank Account, etc.) in the amount of $1,234.56 paid to “WebcamWatchers.biz”. If you wish to dispute this charge, you must do so through our third party resolution company at this link in the next 4 hours or we will freeze your account.

By creating a sense of urgency, the bad actor attempts to remove the target’s ability and willingness to call for help as help is rarely immediate from law enforcement with respect to potential cyber crimes. By adding something potentially humiliating, no matter how untrue, the target is less inclined to ask for help even from friends and family.

When you receive any message that seems either too good to be true or seems like it might be trying to force you to act too urgently for your comfort, you should take a moment to think the situation through. No matter how urgent the message makes the situation seem, never respond and never click links. If you think the message might be valid, use a different system to contact the company being referred to using a phone number from your latest statement or the back of your card, but never from the message you received. In many cases, numbers found on the Internet can be less than trustworthy as well.

If all else fails, just delete the e-mail. If it’s truly important, they’ll send you a registered letter.

Rose Guard is a national non-profit with the mission to empower at-risk individuals, groups, and organizations with essential knowledge and skills in physical, technical, and cyber security.

Rose Guard is a national non-profit with the mission to empower at-risk individuals, groups, and organizations with essential knowledge and skills in physical, technical, and cyber security.