Posts

Clickbait: What It Is and How to Spot It

Clickbait

First off, let’s call these people what they are – cybercriminals. These people have always taken advantage of situations. Catching people when they are vulnerable is what they do. But, lately, these criminals have stooped to a lower level. As the world has become less stable, as the Covid outbreak has intensified and as people seek any form of reassurance they can get, cybercriminals have upped their clickbait game and are launching exactly the type of cyberattacks that will catch even the wariest people off guard. 

How are they doing it? Clickbait. A catchy email, or even text message, saying just what you want to hear, so you’ll click on it. And that’s it. Sometimes that’s all it takes for these cybercriminals to infiltrate your system or gain direct access to your bank account. 

So, today we want to take a deeper look at what clickbait is and how to spot it. This way, Somerbys IT can keep you as protected as possible during these uncertain times.

 

What is clickbait? 

Clickbait has been around for a long time but it’s constantly evolving and becoming more intelligent, effective and harmful. Essentially, it’s an email or text message that entices you to click something (often a link or an attachment) that contains malware. The moment you do, you open your system to the hackers behind the scam, and they can access credentials, steal data or completely paralyse your system. Their aim? To get you to pay a ransom. Even before the Covid crisis, ransomware was a huge threat to businesses, as we spoke about in our blog from earlier in the year: Ransomware – the Biggest Cyber Threat of 2020. 

In the past, these have been fairly simple to spot. An offshore prince saying he’d like your bank details to transfer some of his wealth to you, or a company promising to enlarge a certain part of your anatomy… but, these days, cybercriminals are much better at disguising themselves. Not only are they choosing topics you want to hear about, but they actually look like the companies they are impersonating.

Look at these examples:

Clickbait Clickbait

The first one appears to be from the World Health Organization (WHO) and the second one from the official government website. But both are fake – and excellent examples of clickbait. These are the types of cyberattacks that are rife at the moment, and you have to be on full alert to spot them.

 

How to spot and avoid clickbait 

Fear not, there are ways that you can spot and avoid clickbait. The National Cyber Security Centre website is a great place to read more about how to stay safe online, but here we want to give you some key things to look out for: 

Email address

Hackers try to imitate addresses, so watch out for subtle differences and misspellings. In the WHO example above ‘@who-pc.com’ is used, but a quick look at their website tells you their email addresses end in ‘@who.int’. Adding an extra dot is a common tactic, for example changing @paypal.com to @pay.pal.com, or changing certain letters like ‘@government’ to ‘@governrnent’. Even if the sender name looks legitimate, hover your cursor over it to see the full email address. 

Badly written 

Given that many scams originate from overseas, a badly worded email is a giveaway sign. While a spell check can catch most errors, it can’t catch all grammar mistakes. Look at the emails above and you’ll see what we mean. The GOV.UK one talks of a ‘precaution measure’ instead of a ‘precautionary measure’ and also that ‘the government established new tax refund programme’ when it should be ‘the government has established a new tax refund programme’. Also look out for impersonal greetings and bizarre sign-offs. The WHO email uses ‘Dear Sir/Madam’, which is far too formal; also, these days, most emails are personalised. 

Suspicious attachments and links

Never open an attachment or click on a link unless you are 100% sure about who it has come from. This sounds obvious, but the targeted Covid scams we’re seeing are even fooling the experts. Links are often hidden by buttons to try to trick you – again, like with emails, hover over the button and you’ll see the link, and, if it looks suspicious, don’t click it. 

Asking for personal or bank details

This should set off alarm bells straight away. Any company that legitimately needs these details will take you through a set of security questions; you will never be asked via email or text. 

Time limits

Question anything that gives you a short time limit or creates urgency. ‘Get this cure before they run out’, ‘Tax returns available in the next 24 hours only’, and ‘Government paying grants to the first 100 people to register’ are all strategies being used by cybercriminals right now. 

 

If you do spot anything suspicious, then mark it as spam and delete it straight away. And, in the event that you do get caught out, we urge you to get in touch. Many hackers access your system and lie in wait for what can be months, collecting as much data as possible before compromising your system. The sooner we act, the less damage will be done.

Protect Your Company Against Soaring Cyber Crime During COVID-19

Challenges of cyber crime are tough at any time – and now is no different. In fact, it’s worse. As nations all over the world start to work from home, the hackers are still out there, and, sadly, they are sat rubbing their hands as the digital world becomes more vulnerable. They are using this swift transition to remote working, and the disruption and the inevitable confusion that comes with the COVID-19 measures to their distinct advantage.

You may have read our blog from earlier in the year Ransomware – The Biggest Cyber Threat of 2020. Big companies such as Travelex have already been hit with major breaches this year, where hackers had accessed their systems months before and lain in wait for the right moment to strike. Well, now is the right time for hackers and, as the dependency on digital infrastructures increases, so does the risk of cyber crime. 

 

And the stats prove it…

● According to SentinelOne, the number of attempted cyberattacks from 23rd February to 16th March stood at 145 threats per 1,000 endpoints, compared to 30 or 37 at the start of that period.
● The National Fraud Intelligence Bureau reported losses of over £800,000 due to COVID-19 cyber scams in February – and this was for the UK alone.
● Check Point Research reported that 4,000 COVID-19 domains have been registered this year, many of which will be being used as bogus websites for cyber crime.

 

The hackers are unscrupulous in their approach – they are targeting businesses that have had to move quickly to remote operations, they are benefitting from the fact that people are generally spending more time online while in lockdown, and they are shamelessly targeting people who are vulnerable and needing more information at a time of uncertainty. 

Phishing attempts are happening via email and increasingly by text, and all it takes is one click on a link and you could find your company paralysed as hackers infiltrate your system. 

 

What you can do to combat COVID cyber crime

At Somerbys IT, we want to support as many businesses as possible during this uncertain time, so we have put together a list of steps you should be taking to give you heightened protection.

 

Company laptops only – make sure all your staff have the correct kit and that they are using it. It’s very easy to get complacent and reach for a personal laptop just because it’s to hand.
VPN – if a home network isn’t secure, it could compromise the whole company system. Accessing systems with a VPN will offer better security.
Multi-factor authentication – this should be used for all internet-accessible services, including systems you access every day, like emails.
Password managers – tools like LastPass are perfect for generating and storing secure passwords. Using the road you live on plus the year you were born in simply isn’t good enough.
Clickbait – hackers are pros when it comes to enticing people to click on a link. Take a moment before clicking. Question everything. Drive this home to your team.
Screen lock – screen locks should be used when you’re away from your desk – even at home. Why? Kids and pets. While you’re making a cup of tea, all it takes is for little hands or paws to appear and click something they shouldn’t.
Run all updates – while bearing clickbait in mind, be sure to run all official updates for your devices. Otherwise, you are leaving them more open and vulnerable to attack.
Policies – now is a good time to update and circulate company policies so everyone is on the same page. These should include policies on security, remote working, mobile devices and personal devices.

 

As a business owner, you are handing out a lot of trust to your employees at the moment. With the crossover between home and work, it’s easy to become more relaxed. You’ll need to keep reminding them to stay vigilant. With this in mind, we’ve made this handy downloadable PDF that you can send on to your team to keep them, and your business, on a secure track:

A Reminder of How to Keep Cyber Safe During COVID-19

Whilst COVID-19 is putting immense strain on businesses, this is not the time to start cutting your IT costs. IT has become simultaneously more valuable and vulnerable than ever and the last thing you need is to be dealing with a cyberattack that compromises your system.    

This is the question you need to ask yourself – are my employees’ home networks as secure as the office network? If the answer is no, we urge you to get in touch so that we can help you. Remember, you don’t have to do it on your own – this is where our skills lie and we’ll be able to offer you quick solutions to keep your company protected.

Cisco Umbrella – What an Extra Layer of Online Security Could Mean to Your Business


As a business owner or even just an internet user, you’re more than aware of the threat of cybercrime. It’s no longer just the obvious scams from our Nigerian friends or fake calls from people pretending to be your bank.

Now, online where we spend more and more time, you’re up against an army of cyber criminals, keen to lock you out of your website, take it down and charge you to get it back.

From phishing to malware and targeted attacks, you have to have eyes on everything and more. Is it any wonder we’re hearing about more and more attacks in the news?

Earlier this year, Yahoo had 3 billion accounts compromised while Equifax reported that they may well have had over 44 million people’s personal details stolen in a recent data attack.

It puts that dodgy PDF attachment into perspective, doesn’t it?

But small businesses are very much under fire, and away from the banks and Scotland Yard those cyber nasties are after your machine to hold you ransom or steal enough details to make some money from your identity.

We all know we need security for our internet and our devices, and for years we’ve been helping our customers with security packages.

But like the online viruses, we need to evolve and get more intelligent.
Read more

Cyber Security: How to Protect Yourself from Malware, Ransomware, Phishing etc

Advice on protection from Viruses, Malware, Ransomware and Phishing

More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber criminals.

In the past, many smaller businesses downplayed the possibility of security threats because they believed they were too small for hackers to target. However, most businesses have become more self-aware in recent years, realising that being under-protected, and under-funded, has made them attractive targets for cyber criminals.

The best practice is to employ multiple layers of protection.  Nothing guarantees 100% security and rarely will a single layer stop the threat in its tracks. Malware is multi-faceted and changing by the minute, however, and multiple strategies significantly increase your chances of staying safe.

See below for some essential layers of defence from current cyber security threats.  Realistically, each aspect needs to be in place to avoid leaving an “open door” for attackers.

Read more

Don’t get caught like the NHS…Tech News – May 2017

 

 

Hi, how are you? Things have been very interesting since we last spoke, with a huge cyber attack, shock election news and a rather busy month in the Somerbys IT office. How about you? Our team have been busy smashing targets on their training, too. Apprentice Lewis Pole passed a Microsoft Server Essentials exam and Ben Brotherhood (a former apprentice) passed his first of two Microsoft Office 365 exams. This only goes to add to our commitment to staff development and also understanding today’s relevant tech. Well done, both. We need your help (in exchange for chocolate!)

If you had an issue with your tech or IT (and you could still get online) what would you Google? How would you search online for help with your IT challenges? What would you type?

Could you possibly tell us by dropping us an email with your answer? We’d be very grateful to you. In fact… we’d send you chocolate from Hotel Chocolat! We’ll put everyone in a prize draw and a random winner will be sent treats. We guarantee you this is the only time you’ll share your internet habits in exchange for chocolate… maybe. Please send emails to info@somerbysit.co.uk

Here’s The Best Of The News To Keep You Up-to-date With IT

Read more