The primary goal of social engineers is to make us curious or fearful because that is when we are most vulnerable. They use many tactics: Spoofing a sender in emails and utilizing familiar content are two of their favorites.
One of the most common attributes of phishing attacks is a sense of urgency. By nature, when we see signs that something is important, we tend to respond immediately and emotionally. For example, you’re in a meeting and your phone rings. You don’t recognize the caller so you quickly dismiss the call. However, let’s say you’re in the same meeting and receive a call from your elderly mom. She knows you’re at work and most likely busy, but the thought going through your head is, What if something happened to her? You ask to be excused and promptly leave to take a call.
You’re likely familiar with attributes of urgency in phishing emails, such as the “urgency flag” or the word urgent in the subject or body of the email. Lately, there’s been an uptick in phishing emails with expiration dates (see examples) that serve the same purpose. These are nothing but a trick so that you’ll act out of distress.
Think before you click.