Blog

How hackers use impulse buying techniques to steal your corporate data

Amaxra consultants were recently targeted by a criminal hacker. Key members of our team, all of whom are daily users of the Microsoft Office 365 suite of applications and cloud services, received the following scam email:


Everyone on the Amaxra executive team who received this scam email knew it was a phishing attempt for various business-related reasons. Our consultants have all been well trained to stop and think before clicking any links in an email that demands urgent action due to the prevalence of phishing attacks in the enterprise, which is exactly what this scam email attempted. While Amaxra had no problems with this particular attack, it is a problematic attack that your business should be concerned about.

Hackers are adapting their phishing methods

The reason this particular phishing email should be a concern is because at a glance there are none of the telltale mistakes that hackers typically make. One of those mistakes anyone can recognize is poorly-written email body copy. However, the body copy of the "Your Microsoft Email Account Will Expire In 48 Hours" phishing email Amaxra received had none of those bizarre spelling choices. It used to be that when you received an email in Outlook with text that had multiple misspellings and sentence structures that would be strange even if spoken backwards by a character in a David Lynch movie, you'd instantly know it was a phishing attempt.


Another common and visibly-obvious mistake criminal hackers make in a phishing email is the sender's email address. In the past, Amaxra has received phishing scam emails claiming to be from the Microsoft Online Services Team in the email signature, but if you looked at the "From:" line of the email in Outlook the address was from "msftonlinesvrces@gmail.com" (as an aside, I can't believe how lazy the hacker was that he couldn't even be bothered to sign up for a free Outlook email address). Unlike that pathetic example of a phishing email, this new phishing example even looks like it came from a legitimate Microsoft email. The "From:" email address was spoofed, but the good news is that Microsoft has new technology that protects businesses using Office 365 for corporate email against spoofing.

Although we also have programmatic security technologies to protect our email and other cloud-based data at Amaxra that flagged this particular phishing email, the most obvious sign this was a scam was that if you hovered your mouse over the big blue "Re-Activate" button, it would show a hyperlink that went to an unsecured server in an Eastern European nation rather than to Microsoft. You can use any desktop web browser to see if hyperlinks in emails are suspicious, but we realize this method is basically impossible to do on mobile platforms such as the iPhone.

It is clear that criminal hackers are learning from their mistakes—and adapting. So, how can you help your employees to be wary of these increasingly-sophisticated phishing emails without ruining your company's productivity? The best way is to understand and recognize that hackers are using a well-known psychological trick on you and your employees to click that malicious link.

The psychology of impulse buys in phishing emails

In business terms, criminal hackers are analogous to sales professionals marketing their product to a prospect. Since the product is a scam, the marketing has to be really good to snare a prospect. That's why most phishing emails share wording and calls to action similar to marketing emails from online retailers hunting for impulse buyers. I admit that I'm just as guilty about buying certain items without planning to do so in advance, so I'm not criticizing buying anything on sudden impulse. Because criminal hackers know how to tap into the psychological tricks behind an impulse purchase in their phishing scams, you can fight back by recognizing those tricks so as not to harm you or your business.

Generally speaking, there are three impulse buy tricks that criminal hackers use in phishing emails:

  1. The subject line is scary – Impulse buys do this with "don't miss out on this deal" subject lines while a phishing email's subject line typically warns you about some impending doom. If you rely on Microsoft Outlook email to do your job and you receive an email that appears to be from Microsoft saying access to email will be turned off in 48 hours, then you'd want to do whatever it takes to keep your email working. At most companies, individuals do not have budget authority to extend email access because their IT department would handle the administration of corporate email access. So, the rational response when receiving this email would be to contact the IT department to ask why Microsoft is sending you an email. But at this point, you are operating on fear.
  2. The email copy offers a simple solution – Once the fear of being disconnected from your business-critical emails laid out in the subject line takes hold, your only goal is to stay connected. The body of the email offers little information as to why you're being disconnected because the criminal hacker is using the same psychological trick used for many online impulse buys: remove all barriers. A rational response would be to wait while you contact your IT department, but this email offers the quick and easy "click here" to solve your problem by yourself. That simple solution in a phishing email works on the same level as the "one-click ordering" for impulse buys.
  3. The call to action is time sensitive – If the user is scared their Outlook email will stop working in 48 hours and the simple solution is to click a link to stay connected, then that's what the user will do. Just like an impulse buy tied to an online retailer's "flash sale" that only lasts a few hours, the hacker is pushing you to click that button before time runs out.

Stack the deck against the hackers

Recognizing when these psychological tricks are being used on you in a phishing email can help, but it's never a guarantee that you'll stay 100% secure. That's why adding a proactive cybersecurity solution such as Office Protect can provide another layer of security to your cloud-based email. If you and your employees currently use Office 365 and Outlook for your corporate email, then Amaxra can add Office Protect security starting at $1.50 per Office 365 mailbox/per month. Amaxra can even provide you with Office Protect regardless of whether or not you buy Office 365 through us.

Contact us at licensing@amaxra.com or call 425 749 7471 for a no-obligation consultation on how we can help you get more value from your software investment.

Comments

Subscribe to Our Blog

Get the latest news from Amaxra delivered to your inbox

Tags

{
  "moduleName": "tag_blogtaglist_2",
  "moduleDescriptor": {
    "templatePath": null,
    "parameters": ",collection=\"tagList\",template=\"\"",
    "apiEndpoint": "/api/v3/tag_blogtaglist_2",
    "objectType": -1,
    "objectId": -1,
    "adminUrl": ""
  },
  "items": [
    {
      "id": 359043,
      "name": "Azure Active Directory",
      "count": 4
    },
    {
      "id": 345675,
      "name": "Business",
      "count": 11
    },
    {
      "id": 345676,
      "name": "Business Analytics",
      "count": 9
    },
    {
      "id": 348247,
      "name": "Business Intelligence",
      "count": 12
    },
    {
      "id": 345678,
      "name": "Business Solutions",
      "count": 39
    },
    {
      "id": 345680,
      "name": "Business Tools",
      "count": 33
    },
    {
      "id": 348246,
      "name": "ClickDimensions",
      "count": 6
    },
    {
      "id": 345684,
      "name": "Cloud Solutions",
      "count": 46
    },
    {
      "id": 345685,
      "name": "Collaboration",
      "count": 21
    },
    {
      "id": 345686,
      "name": "Communication",
      "count": 11
    },
    {
      "id": 345690,
      "name": "CRM",
      "count": 22
    },
    {
      "id": 345692,
      "name": "Customer Service",
      "count": 4
    },
    {
      "id": 345696,
      "name": "Digital Transformation",
      "count": 20
    },
    {
      "id": 345697,
      "name": "Dynamic Workforce",
      "count": 15
    },
    {
      "id": 345698,
      "name": "Dynamics CRM",
      "count": 24
    },
    {
      "id": 345699,
      "name": "Email Marketing",
      "count": 6
    },
    {
      "id": 345702,
      "name": "Excel",
      "count": 4
    },
    {
      "id": 345705,
      "name": "Giving Back",
      "count": 1
    },
    {
      "id": 345706,
      "name": "Going Green",
      "count": 3
    },
    {
      "id": 345709,
      "name": "Lead nurturing",
      "count": 7
    },
    {
      "id": 345711,
      "name": "Management Tools",
      "count": 12
    },
    {
      "id": 345713,
      "name": "Marketing Automation",
      "count": 9
    },
    {
      "id": 345714,
      "name": "Metadata",
      "count": 1
    },
    {
      "id": 345716,
      "name": "Microsoft Dynamics",
      "count": 23
    },
    {
      "id": 345717,
      "name": "Microsoft Office",
      "count": 31
    },
    {
      "id": 345718,
      "name": "Microsoft Partner",
      "count": 2
    },
    {
      "id": 345721,
      "name": "Office 365",
      "count": 56
    },
    {
      "id": 358337,
      "name": "Office Planner",
      "count": 1
    },
    {
      "id": 345722,
      "name": "OneDrive",
      "count": 6
    },
    {
      "id": 345725,
      "name": "Planning",
      "count": 7
    },
    {
      "id": 345727,
      "name": "Power Bi",
      "count": 4
    },
    {
      "id": 345728,
      "name": "PowerPoint",
      "count": 2
    },
    {
      "id": 345730,
      "name": "Presentation Design",
      "count": 2
    },
    {
      "id": 345732,
      "name": "Productivity",
      "count": 39
    },
    {
      "id": 348227,
      "name": "Security",
      "count": 31
    },
    {
      "id": 348245,
      "name": "SharePoint",
      "count": 13
    },
    {
      "id": 348226,
      "name": "Sustainability",
      "count": 2
    },
    {
      "id": 358338,
      "name": "Windows 10",
      "count": 6
    },
    {
      "id": 348228,
      "name": "Work for Amaxra",
      "count": 11
    }
  ]
}