The connection between phishing and ransomware

One of the fastest-growing online attacks is ransomware, which is malicious spyware that locks down your computer’s files and holds them hostage, forcing you to pay a hacker to recover your digital life. Ransomware attacks are a relatively new phenomenon of phishing scams that are usually delivered via email or text messaging to try to trick you into downloading hidden spyware. Explore how ransomware and phishing work hand in hand and how to defend yourself against both while you’re online.

What is phishing, and what is ransomware?

Phishing is a digital con artist’s elaborate scheme. It usually begins with a seemingly harmless email, message, or link that lures you into clicking or downloading an attachment. Masquerading as a trusted source, such as a bank, colleague, customer service, or even a social media platform, this message often appears official, authoritative, or legitimate.

Microsoft Defender

Stay safer online with one easy-to-use app¹

¹Microsoft 365 Personal or Family subscription required; app available as separate download

Learn more

For example, you might be asked to look over an invoice (that you don’t remember authorizing) or reset a password to an account (that you don’t remember requesting). The goal of these attacks is to have you enter your private information where it can then be used for things like to stealing your identity, incurring charges in your financial accounts, or leaking personal and sensitive data.

“Victims of these ransomware attacks are left with a difficult decision: pay the hackers or groups associated with the ransomware or risk losing their valuable data forever.”

More often than not, a link in a phishing scam will result in you inadvertently downloading something that can cause harm to your computer. Ransomware, like any spyware or malware, is a downloaded file that hides in the background of your laptop or device. However, instead of quietly spying on your computer (like a keylogger), it acts fast to immediately block you from accessing your files, even preventing you from navigating or opening folders. Victims of these ransomware attacks are left with a difficult decision: pay the hackers or groups associated with the ransomware or risk losing their valuable data forever.

How phishing scams lead to ransomware attacks

Ransomware is predominantly delivered by phishing. Here is how the cooperation between phishing and ransomware typically plays out.

The lure. You receive an email that appears to be impersonating a trusted source. The email asks you to click on a link or download an attachment. This is the phishing hook.
The infection. Unbeknownst to you, clicking that seemingly innocent link or attachment triggers the ransomware’s activation. It slithers into your system like a silent intruder.
Data lockdown. Once inside, ransomware encrypts your files, rendering them inaccessible. A ransom note appears, demanding payment in exchange for the decryption key.

Recognizing the signs of phishing

Phishing preys on your trust using legitimate sources and makes it difficult to distinguish between real and fake emails. There are many types of phishing attacks that target all levels of employees at a company—from CEOs and board members to interns—or individual that the scammer has interacted with. In a suspicious email, look for these telltale signs.

Generic greeting. An email that begins with “Dear Sir/Madam” should raise a red flag, and even the newsletters you subscribe to will begin with less run-of-the-mill language.
Misspelled words and characters. Phishing emails will use combinations of letters or numbers in the middle of words to get past spam filters, such as “M1crosoft.”
Unfamiliar attachments. Phishing emails can come with an attachment, like one that purports to bill you for an invoice. This should definitely raise some flags if you don’t remember recently working with a business.
Contest winnings. Everybody loves to win, but a lottery offering with millions of dollars in unclaimed rewards is likely not legitimate.
Strange email addresses or links. If you hover your cursor over a sender’s name, you may see an email address that has nothing to do with the content of the email. Similarly, a shortened link apparently connecting you to a major URL might be too long, incorrect, or risky.
Requesting personal data. With so many online accounts at our disposal, it can be difficult to remember passwords for each. If you haven’t requested a password reset for an account—whether it’s social media, an online storefront, or a work service—you may see one in your email that could seem normal, but it may be a phishing attempt.

By being able to recognize a phishing email, voicemail, or text message, you’ll have a greater chance of avoiding spyware and ransomware—thereby preventing these malicious invasions of privacy from impacting your computer and your life. Find more privacy and safety tips to learn how to protect yourself, your loved ones, and your business online.