Keeping Your Practice Safe Against Click Bait

May 2, 2024


Did you know that, according to the FBI, it received more than 800K reports of phishing in 2022, with losses exceeding $10.3 billion? The 2022 Internet Crime Report from IC3 demonstrates how phishing scams have become significantly more detrimental to individuals and businesses. Phishing attacks accounted for 36% of all US data breaches in 2023, and for over a decade, healthcare has remained the most costly industry for data breaches. (Phishing Attacks Statistics & Facts 2024 - Techopedia)

Did you know that 91% of successful data breaches started with a spear phishing attack? (Phishing Security Test (knowbe4.com))

Phishing is a type of cybercrime characterized as an act by criminals trying to trick you into divulging sensitive information or taking a dangerous action, like clicking on a malicious link or downloading an infected attachment. They achieve this by using an email disguised as a known contact or an organization you trust. Phishing scams often mimic legitimate communications from financial institutions, e-commerce websites, or government agencies, making it difficult for victims to recognize them. (How to Train Employees on Phishing Awareness: A Step-by-Step Guide | Hook Security Blog)

Unfortunately, people often believe phishing emails are legitimate. This is because phishing attacks are becoming increasingly sophisticated, and attackers are using advanced tactics to trick unsuspecting victims.

People are more likely to fall for a phishing scam when they are distracted, tired, or in a hurry. 

You need to be on alert and avoid the urge to click on enticing content on your homepage, in emails, and on cell phones. This method of deception is called “click bait,” but do not be fooled! You may pay a hefty price. Stop…look…think… and make a good decision. If you are unsure, wait to proceed until you verify the content.

Different forms and techniques of phishing attacks include:

Email Phishing: (most common form) involves sending fake emails that closely resemble a legitimate site or source to convince the receiver to click on a malicious attachment or link.

Spear Phishing: targets an individual’s profile, preferences, or behaviors. These attacks are more sophisticated and are used to target organizations or high-value individuals.

Smishing: uses text messages or SMS as a method to trick victims into providing sensitive information to the attacker. 

Vishing: a phishing attack that is carried out through phone calls intended to deceive victims into providing sensitive information over the phone. This type of attack may be used in conjunction with another method to increase the attacker’s chances of being successful.

Helpful Tips:

Verify the sender and the request. If an email seems strange, is unexpected, or asks you to reply with personal or financial information or to open an attachment, don’t do it! Verify that the request and sender are legitimate before taking any action.

Never click on a link without checking it first and verifying the information. Always hover over links to display the web address to ensure it is correct and matches what is displayed in the email. Look for differences like changes in spelling or special characters or numbers in addition to, or in place of, letters. If you are on a mobile device, you should wait until you get to a computer to check the link.

Stop, look, and think! 

If the email presents itself as urgent or tries to get you to act quickly, please stop, look, and think about what it wants you to do before you act.

All it takes is one click to damage your programs, interrupt operations, and introduce a virus into your system.

Phishing looks to leverage human emotions to prompt a response. It baits you into performing an action that you would not normally take and that goes against your better judgment.

These actions include:

  • Downloading an attachment
  • Sending sensitive information 
  • Clicking on a link

Be sure to stop and think before you click. Ask yourself, do I know who this is or what this is? Or, is this legitimate? If you are unsure, verify the sender. Just Ask!

Helpful things to look for and do:
  • Are you familiar with the sender?
  • Does the message contain poor grammar or misspelled words?
  • Are there suspicious links or unexpected attachments?
  • Does it promise you large sums of money?
  • Does it ask you to download something or click on a link?
  • Does it ask you to send personal information?
  • Does it threaten you with legal action if you do not comply?
  • Think before opening emails from unknown senders.
  • Confirm that the name and the email address are consistent.
  • Do not give out passwords or any other personal information to anyone in an email.
  • Report any suspicious emails to a manager or your IT department.

Final Points:
  • Look at the address line (it can be manipulated to say anything). Is it spelled correctly?
  • Do not trust logos or mistake them for credibility. They can be copied and pasted into phishing emails (easily stolen).
  • Look for red flags; inspect the sender’s address.
  • Master the mouseover (hover over the URL); never assume it is legit; think critically.