The Think Before You Click campaign is designed to get you to do exactly that – slow down, consider what or who you’re interacting with online and think about what you’re about to do before you do it.
It has been launched by many cyber security firms over the years, as well as being pioneered by organisations like the BBC to try and make people act safer online.
As more of everyone’s daily lives move online, the risks associated with online security increase. Cybercriminals base a lot of their attacks on getting people to act impulsively and without thinking, whether this is through a phishing email, a malware attack, or a more sophisticated social engineering assault.
Once you have clicked on something you shouldn’t have, you have opened a door for cybercriminals to invade your computer. This could lead to them installing malware on your device, watching your keystrokes through a keylogger, or gaining access to your passwords and accounts.
In many cases, people will click a link instinctively and then suddenly realise they have made a mistake. Think Before You Click is designed to mitigate against this risk.
What to do
When you receive an email that includes a link, or you come across a message on social media or a pop up online, the first thing you should do – as per the campaign – is stop and think.
If possible, hover your mouse over the link to reveal the true source. Often this will show you that the link is fraudulent, directing you to a malicious website or location. If this isn’t possible, copy the link and paste it into an incognito browser, ensuring it can’t gain access to any of your accounts – though this still poses the risk of installing malware on your device. If you have any suspicions at all, the best course of action is to do nothing. If possible, report the email or link to your IT department.
What attacks might you encounter
Cyber-attacks can occur in many different ways, but there are some which are a lot more common than others. The number one attack nowadays occurs through phishing.
Phishing attacks are when a cybercriminal sends an email to your account, trying to get you to act impulsively and either click on a link, download malicious software or disclose confidential information about yourself. They will use many techniques to try and make the email appear convincing, like impersonating a trusted brand, using urgent language or even pretending to be someone close to you.
In all of these cases, look out for tell-tale red flags like misspellings or grammatical mistakes, time-sensitive requests and spoofed brand names. The emails can be very convincing so the best thing to do is stop and think before you click. As always if you’re in any doubt, err on the side of caution and delete the email.
How Boxphish can help
If you’re reading this and are thinking wow, I know people who click on malicious links all the time or you’ve done this before yourself, then perhaps you need to invest in cyber security awareness training.
Cyber awareness training is designed to educate individuals on the dangers we face through our online activities, covering everything from phishing attacks to malware, social engineering and everything in between.
At Boxphish, we offer bite-sized interactive courses which take you through one topic at a time, teaching everything you need to know about the tactics cyber criminals might use and how best to defend yourself from them. This new knowledge is then tested through a short quiz and can be further put to the test through real-world phishing simulations. These simulations are delivered automatically to your inbox and test you in a real-life environment, instructing you on what you did wrong if you do fall for the phishing email and click on the link.
To find out more about how Boxphish can develop training for you, visit our website and book a demo today.