The best phishing email I’ve ever seen was to a CFO and “from” a CEO, with a simple request to send over wire information for a new vendor. The email header was flawlessly spoofed (i.e. the sender appeared to be the CEO), and the request was not wildly unusual for this company. And yet… something felt off. The CEO used his first name rather than his nickname (think “Robert” rather than “Bobby”), and the CFO didn’t know of any new vendors. The CFO did the right thing – he contacted Matsco and sent over the email as an attachment. We confirmed it was a phishing attempt and performed a full investigation.
While the aforementioned example is rare, phishing emails are shockingly common. Spam protection products will block a great deal of obvious spam and some phishing attempts, but not all. Good anti-virus and anti-malware software will provide some safety from malicious downloads, but it can’t protect you from yourself, which is to say you need to be very careful about providing sensitive information.
Below are a few examples of common phishing emails:
An effective phishing email will tap into a fear that you’re losing something (e.g. access, money) or the desire to gain something (e.g. a refund, a free product). Most phishing emails will also have something slightly off, be it a typo, a peculiar choice of words, or an email template that looks different from the usual communication from the company in question. The scammers hope you’re too busy or in too much of a rush to notice whatever is not quite right. Below are some tips to protect yourself from both sophisticated and not-so-sophisticated phishing emails:
Check back on Monday for Part Two of Staying Safe Online!