How to recognize a customized spear-phishing email

Phishing is still the most common initial attack vector. Mass mailed spam is now taking cues from targeted campaigns, improving conversion rates through personalization and the use of seemingly authoritative content.

You are targeted!

Scammers are getting better at targeting. Sharpen your defenses today – including your awareness training!

Here are some indicators that can help identify phishing:

  • Sender: the name and the email address don’t match. Your colleague is probably not emailing you from someone else’s Gmail account or a Mexican car dealership (unless you are in the car sales business in Mexico)
  • The link in the email leads somewhere else than the text of the link. Hover over to see the real url- or press an hold on a touch device. Here’s an example: https://bbc.co.uk
  • The logo in the email is hosted on a different domain than the email address of the sender, and it is not a CDN or cloud storage bucket.

Training people to look for these indicators will help reduce damage from the more advanced phishing campaigns!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s