When in Doubt, Don’t Click It!

A short time ago, news broke that White House computer systems were breached by the Russians. Hackers were able to access the “non-public parts of the President’s schedule in real-time.” This was one of the most serious cyber breaches of our US government agencies. The White House has two systems: Classified and Unclassified. Supposedly, only the unclassified part of the system was breached, but even the unclassified system contains sensitive information.

How did this breach happen?

Hackers were able to access the State Department’s system. Once they were in that system, they used a tactic called spear phishing to then gain access to the White House system.

What is Spear Phishing?

Spear Phishing is when a hacker sends a user or multiple users an email that tricks them into clicking a link that then gives the hacker access to their computer. These links grab users’ attention by falsely warning the user that they need to verify information, give more information for a specific purpose, or even verify a social media friend request. See below for an example of a “spear phishing” email.

In this example, just clicking any of the embedded links could invite a hacker to gain access to your machine. One way to verify whether an email is legitimate is to hover your mouse over the From column. By doing so, you will be able to tell if the email is from a recognizable domain that is linked to the actual sender name. If the link does not route back to the expected target, do not click on it. The domain should match the purported sender, i.e., Hilltop.com should not come up as Holltip.com.

It’s also a good idea to hover over the links embedded in the email to figure out whether they’re legitimate and use encryption (https://). Cutting and pasting the link into a new link to get to the site directly, without clicking on the email link provided, is also a worthy exercise.
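For IT staff who want to run the same hover checks over a saved message, here is an added example (not part of the original post) that flags a sender or link domain that is a near-miss of a trusted one, and any link that is not https. The `TRUSTED` set, the two-edit threshold and the sample message are assumptions made for illustration, and the message is assumed to be a single-part, unencoded HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"hilltop.com"}  # assumption: domains this recipient expects mail from

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    # Simplification: the last two labels stand in for the registrable domain.
    base = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if base in TRUSTED:
        return "trusted"
    near = any(levenshtein(base, t) <= 2 for t in TRUSTED)  # assumed threshold
    return "lookalike" if near else "unknown"

class Links(HTMLParser):
    # Collects each <a href>, the target that hovering over a link would reveal.
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def inspect(raw):
    # Returns (field, issue, value) tuples for everything that fails a check.
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].rpartition("@")[2]
    findings = [("from", classify(sender), sender)]
    parser = Links()
    parser.hrefs = []
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        url = urlsplit(href)
        if url.scheme != "https":
            findings.append(("link", "not-https", href))
        findings.append(("link", classify(url.hostname or ""), url.hostname or ""))
    return [f for f in findings if f[1] != "trusted"]

SAMPLE = (  # constructed message, not from the original post
    "From: Hilltop Support <support@holltip.com>\nContent-Type: text/html\n\n"
    '<a href="http://holltip.com/verify">Verify</a> <a href="https://hilltop.com/help">Help</a>\n'
)
```

Calling `inspect(SAMPLE)` reports the lookalike sender, the plain-http link and the lookalike link host, and stays silent about the genuine Hilltop.com link.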

Bottom line: If you have any doubts, don’t click! Though it may take extra time, it is much safer to first verify a link with your IT provider to assess the validity of the email.

Contact the Hilltop team if you have questions, concerns, or have fallen victim to this threat.