Summary: This concise blog discusses cyber security related to antivirus phishing. Learn how cybercriminals impersonate antivirus providers to scam users into clicking on malicious links. If you have additional questions about email phishing scams, contact DIGIGUARD CYBER SECURITY at 833-33-CYBER (833-332-9237) or visit www.DIGIGUARDsecurity.com to schedule a phishing assessment.
In discussions about IT security phishing, we have often warned readers to “think before they click.” Hackers count on the impulsivity of users to trick them into clicking on email spoofs designed to steal credentials and other private data by pretending to be from trusted sources. As a general cyber security rule, users should beware of any email asking for personal data or encouraging them to click on an embedded link. Unfortunately, attack techniques have advanced, and so have the lures for prompting impulsive clicks.
Imagine getting an email allegedly from Norton Antivirus warning you, “Your account is about to expire. Click this link to renew your cyber protection agreement before your computer is under cyberattack.” If you panic and react to the warning without checking its source first, you could unknowingly click on a malicious link and launch an attack. Furthermore, if you get such an email from a provider you don’t use, telling you that your account is expiring or that your antivirus subscription has been renewed, delete that email along with any links it might contain. Constant diligence in scrutinizing emails before clicking on any attachments or links is the first line of defense against being hacked by a phishing email.
In addition, some phishing emails pretending to be from a legitimate cyber security provider will encourage the user to call a phone number to speak to a representative about their account. The bad actor on the other end of the call will use several manipulative tactics to further the nefarious goals of the scam:
Do not make the call. If you wish to speak with a live representative, the best way to validate the provider's legitimacy is to look up their number yourself. It is well worth your time.
It is worth noting that legitimate IT security services might request permission to access your computer to evaluate any problem you might be having. However, you should never allow access if you are not 100% sure you are dealing with a trusted company. Remember, once cybercriminals are granted access, they can steal all kinds of sensitive company or personal data, including passwords and browsing data. Also, sharing access allows cyber thieves to plant many types of malware (ransomware, adware, spyware and other attacks) directly into your computer.
Ironically, IT security phishing panics users into acting impulsively by threatening that their systems will be left without IT security. Because most people have antivirus programs installed on their PCs, the pool of potential targets is expansive, which makes this scam particularly interesting to scammers.
All the major antivirus software companies, such as Norton, McAfee and Kaspersky, have extensive online forums to help users avoid email spoofs and answer any questions they might have.
As good as cybercriminals have gotten at phishing emails, there are a few telltale signs of IT security phishing and actions to prevent it:
Businesses and individual users must develop their own meticulous best practices in handling emails and avoiding phishing scams. Ongoing cyber education is essential to recognizing and preventing phishing scams by endowing users with a heightened awareness of cyber risks and their role in preventing cyberattacks. Establishing simple email-handling protocols will help you and your company avoid deadly IT phishing scams.