Watch out for spam emails that capitalize on current events

Cybersecurity experts report a recent rise in phishing emails — particularly those that capitalize on current events and recommend “immediate action.” Specific examples of this include urgent alerts that play on fears about global instability, stating that unknown users have logged into an account from an IP address in Moscow or Kyiv.

 

Many Twitter users report a social media-specific version of this, posting screenshots of fake user notifications they have received about attempted logins from Russia or Ukraine. Large universities have also revealed password reset alerts that purport to come from an IT department and ask a user to log in immediately to check the security of their password.

 

What these diverse phishing attempts all have in common is what happens after unsuspecting users click a link or reply to a message — they are asked to share private information to confirm account security. Sometimes, this occurs on an illicit site that surreptitiously steals credentials or personal data; sometimes, a user will see a fresh email open that includes a pre-filled message meant to lure them deeper into a scam.

 

No matter the avenue of attack, users across the globe are at risk right now, especially during a period of heightened cybersecurity awareness. Given current world events, anything that mentions unusual activity from Russia or Ukraine is sure to make anyone do a double-take, serving as particularly enticing bait for hackers who are always looking to change their tactics.

 

How can you protect yourself, your business, and your colleagues from these new phishing attempts?

 

Use caution with any email urging immediate action. Every unsolicited email should raise a red flag. But how can you recognize one when it looks like a real notification from a legitimate platform or application? First, look for any typos, inaccuracies, or awkward phrases in the subject line and body copy, along with unusual sender names or addresses.  

 

Never open unfamiliar attachments or click suspicious links in an email. These are far more common than many people think — if someone sends a shipping update or monthly invoice that looks like it comes from a legitimate sender, human nature means we’re curious to see whether it’s real or not. Unless you’re expecting a specific file from a trusted colleague, be wary of any attachments — especially if the email urges you to open it now or tries to deploy personal information to trick you with so-called social engineering. In addition, don’t just click a link because you’re encouraged to do so; hover your mouse over the URL first to see whether the displayed website matches what’s in the email. 

 

Beware of long strings of nonsensical characters or any major differences between the link in the email copy and the preview link that shows up when you hover over it.

 

Use multifactor authentication or a two-step process to log in to any account. If you do visit a website you’re not sure about or respond to an email asking for information, all hope is not lost yet. 

 

It’s the next step that’s often most important: if you’re being asked to confirm a username or password, look for an option to send yourself a unique code via text message or receive a unique link via email to log in.  

Invest in security awareness training for your staff.  

 

Partner with a trusted IT provider to enhance cybersecurity.  

 

Given today’s hyperactive digital landscape, where breaking news and trending topics often dominate the conversation, hackers will continue to evolve to try and trick even the savviest computer user. 

 

These tactics always increase alongside instability, with bad actors trying anything to steal data and compromise private information.

 

Amy Justis is a Daniel Island resident who owns CMIT Solutions Charleston.