The number of ransomware attacks against businesses skyrocketed in 2016, and security researchers do not expect a slowdown anytime soon. They are also predicting that ransomware attacks will become more sophisticated. What won’t be changing, though, is the delivery method. Cybercriminals will continue to spread ransomware primarily through phishing and spear phishing emails, according to PhishLabs’ “2017 Phishing Trends & Intelligence Report”.
In phishing and spear phishing emails, hackers masquerade as reputable individuals or legitimate organizations in order to carry out their attacks. Phishing emails are typically generic and sent out to the masses, whereas spear phishing emails are personalized and sent to specific individuals. In both types of emails, cybercriminals use a convincing pretense to lure the recipients into performing an action. Often, the hackers want the recipients to click a link that will send them to a malicious website.
A simple but effective way to combat ransomware and other types of cyberattacks initiated through phishing and spear phishing emails is to have your employees check links before clicking them. A deceptive link is one in which the actual URL does not match the displayed link text or web address. For example, the displayed text might specify a legitimate organization’s name (“PayPal”) or web address (“https://www.paypal.com”), but the actual URL leads to a malicious website. Employees can check a link’s actual URL by hovering their pointer over the link (without clicking it). The actual URL will appear in the lower corner of the web browser or near the pointer, depending on the email client.
Employees should get in the habit of checking every email link they want to click, even if the message appears to be from someone they know. If a URL seems suspicious (e.g., the displayed web address does not match the actual URL), they should not click it.
When discussing the importance of checking links before clicking them, you should provide examples of suspicious links so employees know what to look for. It also helps to include examples of legitimate links that they might encounter in their jobs.