Craig McDonald 09 November 2017 14:09:20 AEDT

Warning: Our Brains are on Autopilot Most of the Time...


You may have read the breaking story this week about the fraudulent Netflix email that’s trying to steal people’s credit card details. It's been widely reported by major media outlets like USA Today, MSN and NBC, and in tech publications like WIRED and Mashable, just to name a few.

The MailGuard Blog was first to report on this threat Friday, 3 November. Fortunately for our clients, MailGuard identified and intercepted this criminal-intent email before it could reach their inboxes and do any harm.

 

Brandjacking is a Growth Industry

We are seeing phishing tactics like this on a daily basis. Cybercrime of this sort, where the criminals create a fake website that looks like a well-known company, is known as ‘brandjacking’, an approach that has a high success rate for cybercriminals because it taps into our subconscious assumptions.

Brands that are regularly being exploited by criminals include (but are not limited to) financial institutions, telcos, utilities, and media companies, like Netflix on this occasion.

Marketers have known for years how to leverage our subconscious to make us spend: '90% of all purchasing decisions are made subconsciously', according to ISPO.com. Our happy subconscious clicking - the trust that we place in brands - is putting us all at risk.

Criminals on the internet are more persistent, more cunning and better organised than ever before. They are masterful marketers, and they've learned how to ride on the back of big brands' trust-building to achieve their goals. I've often referred to the way that cybercriminals are 'outmarketing the marketers,' like in this post from last year.

 

Email is currently the biggest cybersecurity threat

More than 90% of internet crime is perpetrated via email. Most people can't recognise the tell-tale signs of a criminal email and will click on dangerous messages without thinking twice. In fact, 97% of people can't discern phishing emails from the real thing, and of those, nearly 25% will click on dangerous links. 

Millions of criminal-intent emails are sent every second, so the odds are good that at least one person in your office has seen these messages pop up in their inbox today.

 

Tell-tale signs of email scams:


If you get an email from ‘Netflix’ this week, ‘chill’ but think before you click.

There are a few ways you can check if an email is a scam:

  • Generic greetings, such as ‘Dear customer’
  • A sense of urgency: “Ensure your invoice is paid by the due date to avoid unnecessary fees”
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action
  • Obscure sending addresses that don’t match the real company’s domain URL
  • If in doubt, type the web address (URL) directly into your browser rather than clicking the link, or better still phone the company.
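The checklist above can also be applied mechanically. The sketch below is an added example, not MailGuard's detection logic: it flags a generic greeting, urgency wording, a request to click a link, and a sending address that does not match the brand's domain. The brand-to-domain table, the phrase lists, the extra check on link hosts (which goes beyond the list above) and both sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand name -> domain that brand really sends from and links to.
BRAND_DOMAINS = {"netflix": "netflix.com"}
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user|member|client)\b", re.I)
URGENCY = re.compile(r"\b(avoid .{0,30}fees|suspended|within \d+ hours|immediately)\b", re.I)
HREF = re.compile(r"""href=["']([^"']+)["']""", re.I)

def belongs_to(host, domain):  # the domain itself or a real subdomain of it
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def tell_tale_signs(raw):
    """List the checklist items a single-part, unencoded message triggers."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    links = HREF.findall(body)
    signs = []
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if URGENCY.search(body):
        signs.append("urgency")
    if links:
        signs.append("asks to click a link")
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in display.lower():
            continue  # message does not claim to be this brand
        if not belongs_to(addr.rpartition("@")[2], domain):
            signs.append("sender domain mismatch")
        if any(not belongs_to(urlparse(u).hostname, domain) for u in links):
            signs.append("link domain mismatch")
    return signs

# Constructed samples; the .example domain is a placeholder.
PHISH = (
    "From: Netflix <support@account-notice.example>\n"
    "Content-Type: text/html\n\n"
    "<p>Dear customer, update your payment details immediately.</p>\n"
    '<a href="http://billing.account-notice.example/login">Update</a>\n')
LEGIT = (
    "From: Netflix <info@netflix.com>\n"
    "Content-Type: text/html\n\n"
    '<p>Hi Sam, new episodes are here.</p><a href="https://www.netflix.com/">Watch</a>\n')
if __name__ == "__main__":
    print(tell_tale_signs(PHISH), tell_tale_signs(LEGIT))
```

The constructed legitimate message still trips one sign, so a single hit is a prompt to look closer and the domain checks carry the most weight.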


 

Follow me on social:


I regularly post about the latest criminal threats that MailGuard have stopped, and share my thoughts on cybercrime and how to keep your business and your team safe from harm.

To stay ahead of the latest criminal intent email threats, follow me on LinkedIn or Twitter.