Let’s start from the beginning: the definition of a phishing email (according to Webroot) is “a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam.”
See exhibit A below – a phishing email that I got. Since we honor the National Cyber Security Awareness Month each October, I thought this was good timing for a newsletter article about it.
The email I received appears to be sent by ATT, but I wanted you to take a look at the red arrows below – these are the main areas of EVERY email you always want to analyze before clicking a link or opening an attachment, to make sure of its legitimacy.
Red arrow #1 – FROM: The first thing I looked at was that domain – e.att-mail.com is not a valid domain for ATT. Ok, it already got my attention, so I needed to continue scanning the email to see what else was there.
Red arrow #2 – SUBJECT LINE: “IMPORTANT”, in all caps and urging me to take action. This is often another indicator of a phishing email. The sender wants to make the point that this is time sensitive, so that I feel I have to take action fast.
Red arrow #3 – TYPO: Typos are another indicator of a phishing email. Perhaps the person who crafted this does not speak or write English well.
These are only the biggest red flags; the image below will give you a better idea of all the items you should be scanning and looking for when you receive a suspicious email.
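For readers who triage reported emails, the first two checks above (sender domain and shouting subject line) can be scripted. This is an added example, not part of the original article: the trusted-domain list, the urgency word list and both sample messages are constructed assumptions, and the typo check is left out because it needs a real spell-checker.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not taken from the article):
TRUSTED_DOMAINS = {"att.com"}            # domains the brand really sends from
BRAND_TOKENS = {"att", "at&t"}           # how the brand shows up in names/domains
URGENCY_WORDS = {"IMPORTANT", "URGENT", "IMMEDIATELY", "WARNING"}

def is_trusted(domain):
    """True for a trusted domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def red_flags(raw_message):
    """Return a list of red flags found in the From and Subject headers."""
    msg = message_from_string(raw_message)
    flags = []

    # Red arrow #1: who is the mail really from?
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    name_tokens = set(re.findall(r"[a-z&]+", display_name.lower()))
    domain_tokens = set(re.split(r"[.\-]", domain))
    claims_brand = bool((name_tokens | domain_tokens) & BRAND_TOKENS)
    if claims_brand and not is_trusted(domain):
        flags.append(f"from: lookalike domain {domain}")

    # Red arrow #2: all-caps words that push the reader to act fast.
    words = re.findall(r"[A-Za-z]+", msg.get("Subject", ""))
    shouting = sorted(w for w in words if w.isupper() and w in URGENCY_WORDS)
    if shouting:
        flags.append("subject: all-caps urgency word " + ", ".join(shouting))
    return flags

# Constructed sample messages (headers only, then a blank line and a body).
PHISH = ("From: AT&T <notice@e.att-mail.com>\n"
         "Subject: IMPORTANT: Action required on your account\n"
         "\nPlease verify your account.\n")
LEGIT = ("From: AT&T <billing@att.com>\n"
         "Subject: Your monthly statement is ready\n"
         "\nYour statement is available.\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, red_flags(raw))
```

A From header is easy to forge, so a clean result here only means these two flags were not raised; it does not prove the message is genuine.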
And last but not least, we run a monthly program for some of our clients where we manage online training, random phishing and reporting for them. We send a different pretend phishing email each month to the whole staff, to make sure no one is clicking on what they shouldn’t. We also make it fun, raffling off an Amazon Gift Card among staff members who were super vigilant and didn’t click on any links. To read more about it visit: https://www.pinkhattech.com/phishing-security-tests/.