In our last post, we talked about suspicious emails that don't look so suspicious on the surface. Here is an example of an email to show you what to look for. In this case, a fake payroll report is being sent. A busy, distracted person may open this by mistake, or an opportunistic employee may try to open it to sneak a peek at confidential information. SLOW DOWN and check your mail carefully. Even with up-to-date antivirus protection and spam filtering, some emails CAN get through because they are engineered to get through. This can be a phishing email (trying to get confidential information) or a dangerous virus such as CryptoLocker. Don't open the door!
- Multiple random email addresses are listed, including some misspellings
- The subject line doesn't match what is actually used by this vendor (but this is tough to catch)
- The dates don't match - report date vs email "sent" date
- The instructions call for the user to download the file from Dropbox, and this vendor would never transmit this type of information with a consumer file-sharing application
- The instructions mention Dropbox, but the link says Cubby (a different brand of file sharing)
- The link includes a .zip extension, which is often used to hide executable files
- There is no corporate email signature or information at the end of the email
Many things to watch out for, and we thought it would be helpful to point them out. Please help spread the word by including this in your employee security training.
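Four of the signs listed above (many recipients, mismatched dates, Dropbox named but Cubby linked, and a .zip link) can also be checked mechanically when triaging reported mail. The Python below is an added example, not part of the original post; the sample message, host names, brand list, date format and recipient threshold are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample message: every name, host and date here is made up.
SAMPLE = """\
From: Payroll <reports@payroll-vendor.example>
To: amy@corp.example, bbo@corp.example, zed@other.example, kim@corp.example
Date: Thu, 12 Jun 2014 09:14:00 -0500
Subject: Payroll Report
Content-Type: text/plain

Your payroll report dated 06/02/2014 is ready.
Download it from Dropbox: https://www.cubby.example/pl/payroll_report.zip
"""

BRANDS = {"dropbox", "cubby"}   # file-sharing brands to compare (assumed list)
MAX_RECIPIENTS = 3              # assumed threshold for "multiple addresses"
URL_RE = re.compile(r"https?://\S+")

def red_flags(raw):
    """Return the warning signs found in a plain-text message, in check order."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    flags = []
    # Sign: many unrelated recipients on one message.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > MAX_RECIPIENTS:
        flags.append("many_recipients")
    # Sign: report date in the body (assumed MM/DD/YYYY) differs from the Date header.
    sent = parsedate_to_datetime(msg["Date"]).date()
    m = re.search(r"dated (\d{2})/(\d{2})/(\d{4})", body)
    if m and (int(m[3]), int(m[1]), int(m[2])) != (sent.year, sent.month, sent.day):
        flags.append("date_mismatch")
    # Brands named in the visible text, ignoring the URLs themselves.
    named = {b for b in BRANDS if b in URL_RE.sub("", body).lower()}
    for url in URL_RE.findall(body):
        parts = urlparse(url.rstrip(".,)"))
        linked = {b for b in BRANDS if b in (parts.hostname or "").split(".")}
        # Sign: text says one service, link points at another.
        if named and linked and not named & linked:
            flags.append("brand_mismatch")
        # Sign: link ends in .zip, which can hide an executable.
        if parts.path.lower().endswith(".zip"):
            flags.append("zip_link")
    return list(dict.fromkeys(flags))   # de-duplicate, keep order
```

The missing signature and the unusual subject line are left out because they depend on knowing what the real vendor's mail looks like.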