Less complex than BEC, but even more widespread, phishing e-mails usually come from free e-mail providers (e.g. Gmail, Yahoo, Outlook/Hotmail) but carry a display name that differs from the actual sending address, in an attempt to gain your trust. The e-mail is supposedly from DHL, UPS, Dropbox, Microsoft, or some other large company you trust, but the underlying address turns out not to be on that company's e-mail domain at all: it is a Gmail account, or a similar-looking domain such as DHL_Accountservices.com.
Some recent attacks have gone further and impersonated the target company's own domain to fool its employees. If your business e-mail domain is "marysdonuts.com", the impersonated domain might be "rnarysdonuts.com", where the "m" is replaced with an "r" followed by an "n" so that your eye reads it as a lower-case "m". Cyrillic characters that look identical to Latin letters have also been used to play the same trick on your eyes.
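The two tricks above (a trusted brand in the display name with a free-mail address behind it, and a lookalike domain built from "rn", Cyrillic letters or a brand-bearing name like DHL_Accountservices.com) can be checked mechanically. The following is an added example, not code from the original post: it parses a From: header and reports why the sender domain looks like impersonation. The trusted-domain list, the confusable tables and the sample headers are constructed for illustration, and the example assumes internationalised domains arrive as Unicode rather than punycode.

```python
import unicodedata
from difflib import SequenceMatcher
from email.utils import parseaddr

# Domains this organisation and its known partners really send from.
# Constructed for the example; replace with your own list.
TRUSTED_DOMAINS = {"marysdonuts.com", "dhl.com", "microsoft.com"}

# Letter pairs that read as one letter at a glance ("rn" for "m", as in the post).
LOOKALIKE_SEQUENCES = {"rn": "m", "vv": "w", "cl": "d"}
# Single ASCII characters commonly swapped for the letters they resemble;
# separators are dropped so "dhl_accountservices" compares as "dhlaccountservices".
ASCII_CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "_": "", "-": ""}
# A few Cyrillic letters that are visually identical to Latin ones in most fonts.
CYRILLIC_TO_LATIN = str.maketrans({
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "х": "x", "у": "y", "і": "i",
})
NEAR_MATCH_RATIO = 0.8  # assumed threshold for "one letter off" typo-squats


def uses_non_latin_letters(text):
    """True if any letter in text comes from a script other than Latin (e.g. Cyrillic)."""
    return any(ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN")
               for ch in text)


def skeleton(domain):
    """Reduce a domain to the shape a human eye perceives, so that
    'rnarysdonuts.com' and 'marysdonuts.com' become identical."""
    d = unicodedata.normalize("NFKC", domain).lower().translate(CYRILLIC_TO_LATIN)
    for seq, letter in LOOKALIKE_SEQUENCES.items():
        d = d.replace(seq, letter)
    for ch, repl in ASCII_CONFUSABLES.items():
        d = d.replace(ch, repl)
    return d


def brand_label(domain):
    """The leftmost label, which is what most readers treat as the 'brand'."""
    return domain.split(".")[0]


def assess_from_header(header, trusted=TRUSTED_DOMAINS):
    """Return a list of reasons the From: header looks like impersonation.
    An empty list means the sending domain is on the trusted list."""
    display_name, address = parseaddr(header)
    if "@" not in address:
        return ["From header has no parseable address"]
    domain = address.rsplit("@", 1)[1].lower()
    if domain in trusted:
        return []

    findings = []
    if uses_non_latin_letters(domain):
        findings.append(f"domain {domain!r} mixes non-Latin letters into a Latin name")

    dskel = skeleton(domain)
    dlabel = brand_label(dskel)
    for t in sorted(trusted):
        tskel, tlabel = skeleton(t), brand_label(t)
        if dskel == tskel:
            findings.append(f"domain {domain!r} is a visual lookalike of trusted {t!r}")
        elif tlabel in dlabel:
            findings.append(f"domain {domain!r} carries the trusted brand {tlabel!r} but is not {t!r}")
        elif SequenceMatcher(None, dlabel, tlabel).ratio() >= NEAR_MATCH_RATIO:
            findings.append(f"domain {domain!r} is a near-match for trusted {t!r}")
        # Display name says "DHL", address says gmail.com: the classic free-mail phish.
        if tlabel in display_name.lower():
            findings.append(f"display name {display_name!r} claims {tlabel!r} but address is @{domain}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, one per trick described in the post.
    for h in ["Mary <mary@marysdonuts.com>",
              "DHL Express <dhl.notify1234@gmail.com>",
              "Accounts <ap@rnarysdonuts.com>",
              "Mary <mary@m\u0430rysdonuts.com>",   # Cyrillic 'а' in place of Latin 'a'
              "DHL <billing@DHL_Accountservices.com>"]:
        print(h, "->", assess_from_header(h) or "ok")
```

The skeleton comparison is deliberately applied to both the sender's domain and the trusted domain, so a legitimate domain that happens to contain "rn" still matches itself; the check only fires when two different raw domains collapse to the same shape.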
Security Tip: like the BEC e-mails, there is a call to action, usually a malware-laden attachment or a button/link to click.
Ask yourself these questions when you receive an e-mail:
- Do I know the sender? (Hover your cursor over the display name, or click it, to see the real e-mail address; judge the address, not the name.)
- Am I expecting this e-mail or any attachments from this sender?
So the lesson at the end of the day is this: if you want to be safe and not become a victim of e-mail fraud, BEC, or phishing, pick up the low-tech communication device invented by Alexander Graham Bell and verify before acting on e-mailed instructions, using a number you already have on file rather than one supplied in the e-mail. After all, as discussed in my Part 1 blog post, e-mail is not secure by design.
Be Secure!
@tjmprofessional