You've Been Phished!

Luckily, this was an authorized phishing simulation

There are multiple methods a threat actor uses to get a reaction from the user.

Scroll through to learn about the different methods threat actors use.

Urgency

Urgency is the requirement of swift action.

The threat actor exploits the feeling that you must act quickly or risk losing out, or that you will face disciplinary action if the request is not completed in the requested time frame.

Authority

Authority is the power or right to give orders, make decisions, and enforce rules.

In this method, a threat actor impersonates someone in authority and requests something from a user. The request appears to come from someone in charge, like a manager or CEO, so the user feels they must do as requested.

Consensus

Consensus is a general agreement.

This method is used when a hacker claims that the requested action is normal or generally accepted. For example, they will word an email like the following:

"This is Mike from payroll. I have everyone in your department's updated W-4 form; it looks like I am just missing yours. I need you to send your updated W-4 over as well."

People act when they believe they are in alignment with a large group.

Scarcity

Scarcity is the lack of goods and services. Threat actors use this anxiety to compel users to act without thinking.

The following are three examples:

  • You need to act quickly or risk losing out
  • Sale ends in 30 minutes
  • Not being able to find an item anywhere else online

Intimidation

Intimidation is the use of fear in order to make someone do what one wants.

An attacker uses this method by impersonating someone in authority and threatening negative action, or by claiming to have access to sensitive information and threatening to release it if you refuse to obey.

Familiarity

Familiarity is close acquaintance with or knowledge of something.

The attacker uses this method to establish a common contact, friend, or familiar organization to gain trust. People like what is familiar to them, and are comfortable around people they perceive to be like them.

Trust

Trust is the belief in the reliability, truth, ability, or strength of someone or something.

The threat actor uses this by posing as a mutual friend, someone the user may know, or a familiar organization to establish a feeling of trust.

Report It!

By questioning the validity of every email, you can spot phishing attacks. If something seems inappropriate, unusual, or questionable and you cannot verify the veracity of the email, report it!