A graffiti wit once daubed: “Be alert! The country needs lerts”.
The phrase has always stuck in my memory, and it sprang to mind last week because of one email I received, see to the right. It asked me to click through to update my billing card information for a recurring payment I had authorised, allegedly, in March 2017.
This was for a service offered by a company called WizAdwords. If I didn’t, then their service would lapse, and my website would drop off Google searches!
Now I’d like to think I’m a sophisticated web user, but that caught my attention and made me look twice – due to it’s sheer audacity.
Something was wrong
Now I knew I’d had no dealings with WizAdwords, not least because they appear to be from Sao Paolo, Brazil; and after a little googling it turns out much as they have a nice website the web is littered with warnings about their spam emails.
How many others could be sucked into thinking that if you didn’t pay that fee, then you could be delisted from Google?
For the avoidance of any doubt, Google has never charged anyone to be included in its search results.
The risk they warn you about won’t happen. But what could happen is that they plan to infect your website with malware, which once identified by Google’s Search Console will cause a warning alert to be displayed. Obviously this will impact on your rankings, but it will not cause Google to de-index your site.
91% of cyber attacks start with a similar phishing email. And auto renewals are a soft hook for scammers to use. We’re all busy, not least dealing with our portion of the 269 bn emails now sent every day, and by spreading their net wide, scammers need only a tiny percentage of recipients to respond to earn a lot of money.
Then they move on to a new attack, making it difficult for law enforcement agencies to shut them down.
But the enforcers do try: so, if you get a suspicious email, report it.
ActionFraud is the?UK's?national fraud and cyber crime reporting?centre, or go to the UK government’s own Avoid and report internet scams and phishing site.
In the USA, the equivalent is the FBI’s Internet Crime Complaint Center.
There is an upside to my story
The humble email newsletter is a resilient tool for publishers and advertisers alike – it’s personal (or should be) and predictable. People like it – and it has the highest ROI in digital marketing.
So in an uncertain digital world, global adoption of email continues to increase, despite the scammers’ activities.
Google also predicts that email will prosper, and its Accelerated Mobile Pages (AMP) standard is being made available to email developers. AMP is an open-source library that provides an easy way to create web pages are compelling, smooth, and load near instantaneously for users.
Another trend that will impact phishing is that by 2020, 30% of all browsing sessions will be voice conducted. Why is that relevant? Some scams look obvious, but as we look less, and listen more, scam artists’ attacks will proliferate, and we will all need to be even more alert. Habits are evolving – and new risks (or old risks in new email disguises) lie around every cyber corner.
Verification is the name of the game
Given the proliferation of identity theft-related crimes, credit card numbers are being revoked and reissued with increasing frequency, so an email asking you to update old details is credible, but it should also always be seen as a potential threat. Treat them as such, and verify it’s real before making any payment.
Auto renewals have become endemic with SaaS providers: that can be a lifesaver, when we’re all rushing to get today’s priority job done. But it’s also an opportunity for the scam artist, who relies on the fact that:
a) the service is plausibly attractive (keeping us high on the Search Engine results page (SERP)); and
b) with a time lapse of 12 months since we ‘signed up’, most of us will have forgotten we have it, even if it is legitimate.
It’s clear email is here to stay, but so too are hackers and phishing attacks, so for cyber security good practice, follow these tips.
- Never click a link in a suspicious email. First try the url by opening a tab in your browser and doing a search for the company. The 2016 Verizon Data Breach Investigations Report found that 58% (see p18) of incidents involved using user credentials compromised in phishing attacks. If you respond directly, you inadvertently give them a whole array of data to use to track you down. They know your email is valid, they probably see your email signature, with name and contact details, they can now look you up online and…
- Never open attachments on any email you are even slightly suspicious of. A virus could well be unleashed onto your operating system, and spread through your address book.
- Use a VPN to secure your internet connection. Your data is encrypted and so is kept secure and safely away from hackers’ eyes.
- Use multi-factor authentication. If you require a new contact to give you (and check) at least two pieces of evidence to verify their identity (eg a physical address and landline telephone number), then you should weed out any spammer in the process.
Check this great infographic for some other useful tips.
It’s easy to understand why some recipients act first and think later – with potentially catastrophic results. But if we all stay alert, we can prosper as the web continues to evolve.
Remember, Inspire will always be here to help you stay aware of emerging threats – and opportunities. To discuss any questions or concerns you have, call us on 01738 700 006