Clickbait: What It Is and How to Spot It

Clickbait

First off, let’s call these people what they are – cybercriminals. These people have always taken advantage of situations. Catching people when they are vulnerable is what they do. But, lately, these criminals have stooped to a lower level. As the world has become less stable, as the Covid outbreak has intensified and as people seek any form of reassurance they can get, cybercriminals have upped their clickbait game and are launching exactly the type of cyberattacks that will catch even the wariest people off guard. 

How are they doing it? Clickbait. A catchy email, or even text message, saying just what you want to hear, so you’ll click on it. And that’s it. Sometimes that’s all it takes for these cybercriminals to infiltrate your system or gain direct access to your bank account. 

So, today we want to take a deeper look at what clickbait is and how to spot it. This way, Somerbys IT can keep you as protected as possible during these uncertain times.

 

What is clickbait? 

Clickbait has been around for a long time but it’s constantly evolving and becoming more intelligent, effective and harmful. Essentially, it’s an email or text message that entices you to click something (often a link or an attachment) that contains malware. The moment you do, you open your system to the hackers behind the scam, and they can access credentials, steal data or completely paralyse your system. Their aim? To get you to pay a ransom. Even before the Covid crisis, ransomware was a huge threat to businesses, as we spoke about in our blog from earlier in the year: Ransomware – the Biggest Cyber Threat of 2020. 

In the past, these have been fairly simple to spot. An offshore prince saying he’d like your bank details to transfer some of his wealth to you, or a company promising to enlarge a certain part of your anatomy… but, these days, cybercriminals are much better at disguising themselves. Not only are they choosing topics you want to hear about, but they actually look like the companies they are impersonating.

Look at these examples:

Clickbait Clickbait

The first one appears to be from the World Health Organization (WHO) and the second one from the official government website. But both are fake – and excellent examples of clickbait. These are the types of cyberattacks that are rife at the moment, and you have to be on full alert to spot them.

 

How to spot and avoid clickbait 

Fear not, there are ways that you can spot and avoid clickbait. The National Cyber Security Centre website is a great place to read more about how to stay safe online, but here we want to give you some key things to look out for: 

Email address

Hackers try to imitate addresses, so watch out for subtle differences and misspellings. In the WHO example above ‘@who-pc.com’ is used, but a quick look at their website tells you their email addresses end in ‘@who.int’. Adding an extra dot is a common tactic, for example changing @paypal.com to @pay.pal.com, or changing certain letters like ‘@government’ to ‘@governrnent’. Even if the sender name looks legitimate, hover your cursor over it to see the full email address. 

Badly written 

Given that many scams originate from overseas, a badly worded email is a giveaway sign. While a spell check can catch most errors, it can’t catch all grammar mistakes. Look at the emails above and you’ll see what we mean. The GOV.UK one talks of a ‘precaution measure’ instead of a ‘precautionary measure’ and also that ‘the government established new tax refund programme’ when it should be ‘the government has established a new tax refund programme’. Also look out for impersonal greetings and bizarre sign-offs. The WHO email uses ‘Dear Sir/Madam’, which is far too formal; also, these days, most emails are personalised. 

Suspicious attachments and links

Never open an attachment or click on a link unless you are 100% sure about who it has come from. This sounds obvious, but the targeted Covid scams we’re seeing are even fooling the experts. Links are often hidden by buttons to try to trick you – again, like with emails, hover over the button and you’ll see the link, and, if it looks suspicious, don’t click it. 

Asking for personal or bank details

This should set off alarm bells straight away. Any company that legitimately needs these details will take you through a set of security questions; you will never be asked via email or text. 

Time limits

Question anything that gives you a short time limit or creates urgency. ‘Get this cure before they run out’, ‘Tax returns available in the next 24 hours only’, and ‘Government paying grants to the first 100 people to register’ are all strategies being used by cybercriminals right now. 

 

If you do spot anything suspicious, then mark it as spam and delete it straight away. And, in the event that you do get caught out, we urge you to get in touch. Many hackers access your system and lie in wait for what can be months, collecting as much data as possible before compromising your system. The sooner we act, the less damage will be done.

Protect Your Company Against Soaring Cyber Crime During COVID-19

Challenges of cyber crime are tough at any time – and now is no different. In fact, it’s worse. As nations all over the world start to work from home, the hackers are still out there, and, sadly, they are sat rubbing their hands as the digital world becomes more vulnerable. They are using this swift transition to remote working, and the disruption and the inevitable confusion that comes with the COVID-19 measures to their distinct advantage.

You may have read our blog from earlier in the year Ransomware – The Biggest Cyber Threat of 2020. Big companies such as Travelex have already been hit with major breaches this year, where hackers had accessed their systems months before and lain in wait for the right moment to strike. Well, now is the right time for hackers and, as the dependency on digital infrastructures increases, so does the risk of cyber crime. 

 

And the stats prove it…

● According to SentinelOne, the number of attempted cyberattacks from 23rd February to 16th March stood at 145 threats per 1,000 endpoints, compared to 30 or 37 at the start of that period.
● The National Fraud Intelligence Bureau reported losses of over £800,000 due to COVID-19 cyber scams in February – and this was for the UK alone.
● Check Point Research reported that 4,000 COVID-19 domains have been registered this year, many of which will be being used as bogus websites for cyber crime.

 

The hackers are unscrupulous in their approach – they are targeting businesses that have had to move quickly to remote operations, they are benefitting from the fact that people are generally spending more time online while in lockdown, and they are shamelessly targeting people who are vulnerable and needing more information at a time of uncertainty. 

Phishing attempts are happening via email and increasingly by text, and all it takes is one click on a link and you could find your company paralysed as hackers infiltrate your system. 

 

What you can do to combat COVID cyber crime

At Somerbys IT, we want to support as many businesses as possible during this uncertain time, so we have put together a list of steps you should be taking to give you heightened protection.

 

Company laptops only – make sure all your staff have the correct kit and that they are using it. It’s very easy to get complacent and reach for a personal laptop just because it’s to hand.
VPN – if a home network isn’t secure, it could compromise the whole company system. Accessing systems with a VPN will offer better security.
Multi-factor authentication – this should be used for all internet-accessible services, including systems you access every day, like emails.
Password managers – tools like LastPass are perfect for generating and storing secure passwords. Using the road you live on plus the year you were born in simply isn’t good enough.
Clickbait – hackers are pros when it comes to enticing people to click on a link. Take a moment before clicking. Question everything. Drive this home to your team.
Screen lock – screen locks should be used when you’re away from your desk – even at home. Why? Kids and pets. While you’re making a cup of tea, all it takes is for little hands or paws to appear and click something they shouldn’t.
Run all updates – while bearing clickbait in mind, be sure to run all official updates for your devices. Otherwise, you are leaving them more open and vulnerable to attack.
Policies – now is a good time to update and circulate company policies so everyone is on the same page. These should include policies on security, remote working, mobile devices and personal devices.

 

As a business owner, you are handing out a lot of trust to your employees at the moment. With the crossover between home and work, it’s easy to become more relaxed. You’ll need to keep reminding them to stay vigilant. With this in mind, we’ve made this handy downloadable PDF that you can send on to your team to keep them, and your business, on a secure track:

A Reminder of How to Keep Cyber Safe During COVID-19

Whilst COVID-19 is putting immense strain on businesses, this is not the time to start cutting your IT costs. IT has become simultaneously more valuable and vulnerable than ever and the last thing you need is to be dealing with a cyberattack that compromises your system.    

This is the question you need to ask yourself – are my employees’ home networks as secure as the office network? If the answer is no, we urge you to get in touch so that we can help you. Remember, you don’t have to do it on your own – this is where our skills lie and we’ll be able to offer you quick solutions to keep your company protected.

Ransomware – The Biggest Cyber Threat of 2020

As one year closes and another one begins, it’s always worth sitting down and taking stock. At Somerbys IT, we do this for a number of reasons, not least to look at what the major cyber risks are likely to be for the upcoming year. This way, we can stay ahead of the game and keep our clients as safe as possible.

For 2020, it’s plain to see that one of the biggest threats is ransomware. Travelex has been all over the news lately after a cyber-breach was detected on New Year’s Eve. Hackers gained access and threatened to release customers’ personal data, including payment card details, unless Travelex paid them £4.6 million. 

We are seeing more attacks on smaller businesses year on year, and whilst technology and cybersecurity advance at great pace, ransomware is right on their heels – morphing, evolving, and being operated by ever more intelligent hackers. And the statistics prove it…

Read more

Cyber Attacks on Small Businesses – The Stats You Cannot Ignore!

Is your business too small to be hit by a cyber attack? No, is the simple answer. The latest research from the Federation of Small Businesses (FSB) shows that small businesses fall victim to almost 10,000 cyber attacks per day. That’s 8.64 per second. And those are only the successful attacks. Many, many more are attempted.

So why are small businesses not protecting themselves against these attacks? Quite simply, they don’t think they are big enough to be a target. While this is completely understandable, the stats prove that cyber security should be a major cause for concern, even for the smallest of businesses. In the 30 seconds it’s taken you to read this introduction, almost 260 cyber attacks have been carried out on SMEs.

 

Cyber security stats for SMEs

The Cyber Security Breaches Survey is an annual governmental report that evaluates how UK organisations approach cyber security, as well as the impact of breaches that occur.

The findings show that over a third of micro and small businesses have suffered cyber breaches or attacks. Think about the last small business networking event you went to. Over 30% of the people in the room had potentially been hit by a cyber attack.

Yet, despite this, many small businesses are not taking the right steps to protect themselves. The FSB found that over a third of SMEs haven’t installed any form of security software and around 40% fail to carry out regular software updates and back up data and systems. These statistics are consistent with the number of successful attacks, so prove that protection is key.

When participants in the Cyber Security Breaches Survey 2019 were asked why they didn’t have cyber security policies or other measures for risk management, 35% said they were too small, 21% admitted cyber security wasn’t a priority for them, and 19% simply didn’t see it as a risk. Again, the stats demonstrate that these reasons aren’t valid.

 

The impact of small business cyber breaches

The impact on small businesses can be disproportionately severe. The business is small, and, in all likelihood, won’t be able to bounce back like a larger company. Even if they could cover the direct costs, the indirect costs can be devastating, such as a slowdown in productivity, a dip in team morale and the inevitable damage to reputation. The FSB estimates the costs of cyber attacks on small businesses to be £4.5 billion per year.

Losing thousands of pounds isn’t the worst-case scenario, though. Sadly, a large proportion of SMEs that fall victim to a cyber attack will not survive. While there don’t seem to be UK statistics for this, a US study found that 60% of SMEs go out of business within the six months following a cyber attack.

 

What’s the first step in protecting your small business?

 If this is making for uncomfortable reading, it’s probably because your small business doesn’t have the correct level of cyber security. But it can be daunting knowing how to approach it.

Here at Somerbys IT, we always advise carrying out a cyber security audit as the first step.

Our Cyber Security Audit service includes a face-to-face meeting with one of our team, who will take you through a list of questions to find out how secure your system is. From this, we will be able to highlight any gaps, get a clear picture of any potential threats, and create a bespoke action list for your company. It may even be possible for us to detect if you’ve already had a breach that may have gone unnoticed.

If this is something you are interested in hearing more about, get in touch with our friendly team today.

Cisco Umbrella – What an Extra Layer of Online Security Could Mean to Your Business


As a business owner or even just an internet user, you’re more than aware of the threat of cybercrime. It’s no longer just the obvious scams from our Nigerian friends or fake calls from people pretending to be your bank.

Now, online where we spend more and more time, you’re up against an army of cyber criminals, keen to lock you out of your website, take it down and charge you to get it back.

From phishing to malware and targeted attacks, you have to have eyes on everything and more. Is it any wonder we’re hearing about more and more attacks in the news?

Earlier this year, Yahoo had 3 billion accounts compromised while Equifax reported that they may well have had over 44 million people’s personal details stolen in a recent data attack.

It puts that dodgy PDF attachment into perspective, doesn’t it?

But small businesses are very much under fire, and away from the banks and Scotland Yard those cyber nasties are after your machine to hold you ransom or steal enough details to make some money from your identity.

We all know we need security for our internet and our devices, and for years we’ve been helping our customers with security packages.

But like the online viruses, we need to evolve and get more intelligent.
Read more

Cyber Security: How to Protect Yourself from Malware, Ransomware, Phishing etc

Advice on protection from Viruses, Malware, Ransomware and Phishing

More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber criminals.

In the past, many smaller businesses downplayed the possibility of security threats because they believed they were too small for hackers to target. However, most businesses have become more self-aware in recent years, realising that being under-protected, and under-funded, has made them attractive targets for cyber criminals.

The best practice is to employ multiple layers of protection.  Nothing guarantees 100% security and rarely will a single layer stop the threat in its tracks. Malware is multi-faceted and changing by the minute, however, and multiple strategies significantly increase your chances of staying safe.

See below for some essential layers of defence from current cyber security threats.  Realistically, each aspect needs to be in place to avoid leaving an “open door” for attackers.

Read more

Don’t get caught like the NHS…Tech News – May 2017

 

 

Hi, how are you? Things have been very interesting since we last spoke, with a huge cyber attack, shock election news and a rather busy month in the Somerbys IT office. How about you? Our team have been busy smashing targets on their training, too. Apprentice Lewis Pole passed a Microsoft Server Essentials exam and Ben Brotherhood (a former apprentice) passed his first of two Microsoft Office 365 exams. This only goes to add to our commitment to staff development and also understanding today’s relevant tech. Well done, both. We need your help (in exchange for chocolate!)

If you had an issue with your tech or IT (and you could still get online) what would you Google? How would you search online for help with your IT challenges? What would you type?

Could you possibly tell us by dropping us an email with your answer? We’d be very grateful to you. In fact… we’d send you chocolate from Hotel Chocolat! We’ll put everyone in a prize draw and a random winner will be sent treats. We guarantee you this is the only time you’ll share your internet habits in exchange for chocolate… maybe. Please send emails to info@somerbysit.co.uk

Here’s The Best Of The News To Keep You Up-to-date With IT

Read more