By Paul Ibarra
Nov 20, 2017
The holiday season is here, which means turkey, ham, decorations, presents, and so much more. Along with all the good also comes the bad. Unfortunately, this time of the year is when cyber criminals cast their phishing nets. Let’s take a look at a phishing email that I received recently. I’ll point out some areas to pay attention to so that you can avoid taking the bait.
Let’s start with the sender’s email address. Here’s the detailed information for the sender of this message:
Red flag 1. First and foremost, I don’t know this person nor do I have any dealings with this person as a consumer or vendor. If you’re unsure though, the part to pay attention to here is the domain, which is the portion of the email address after the “@” symbol. The “from” field has the domain “zeelandnet.nl” while the “reply-to” address has a domain of “worker.com.” While some legitimate email uses a different reply-to address, it’s typically still the same domain.
Red flag 2. The body of the message isn’t formatted properly and doesn’t read well. This is a typical attempt from cyber criminals phishing for information.
Red flag 3. I’m asked to provide personally identifiable information (PII). Anytime you provide this type of information, ensure that you know exactly who you’re communicating with and be sure to send this information securely, not over plain-text email.
Red flag 4. The company name listed in the signature isn’t the same as the domain in the email addresses. Typically, a company’s domain is either exactly the same or a variant of the company name.
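The domain comparison from red flag 1 can be automated. The following is an added example, not part of the original post: the function names and the sample messages are constructed for illustration, and only the two domains come from the email discussed above.

```python
from email import message_from_string
from email.utils import getaddresses


def domain_of(address):
    """Return the lowercased part after the last '@', or '' if there is none."""
    return address.rpartition("@")[2].lower().strip(".") if "@" in address else ""


def base_domain(domain):
    # Simplification (assumption): the last two labels stand in for the
    # registrable domain, so mail.example.com and example.com compare equal.
    # Multi-part suffixes such as co.uk need the Public Suffix List instead.
    return ".".join(domain.split(".")[-2:])


def reply_to_mismatches(raw_message):
    """Return sorted (from_domain, reply_to_domain) pairs whose base domains differ."""
    msg = message_from_string(raw_message)
    from_domains = {domain_of(a) for _, a in getaddresses(msg.get_all("From", []))}
    reply_domains = {domain_of(a) for _, a in getaddresses(msg.get_all("Reply-To", []))}
    from_domains.discard("")   # drop headers that held no parsable address
    reply_domains.discard("")
    return sorted(
        (f, r) for f in from_domains for r in reply_domains
        if base_domain(f) != base_domain(r)
    )


# Constructed sample messages; local parts and subjects are made up.
SUSPICIOUS = (
    "From: Sender Name <sender@ZeelandNet.nl>\n"
    "Reply-To: someone@worker.com\n"
    "Subject: constructed sample\n\nbody\n"
)
SAME_ORG = (
    "From: Billing <billing@example.com>\n"
    "Reply-To: support@mail.example.com\n"
    "Subject: constructed sample\n\nbody\n"
)
NO_REPLY_TO = "From: billing@example.com\nSubject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("suspicious", SUSPICIOUS), ("same org", SAME_ORG),
                      ("no reply-to", NO_REPLY_TO)]:
        print(name, reply_to_mismatches(raw))
```

A mismatch is a reason to look closer, not proof of phishing, since some legitimate senders route replies through another domain.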
There is more that we can critique here, but the ones highlighted above are easy indicators that someone is phishing for your personal or business information. These red flags are typically the same in every phishing email you’ll receive. If you come across an email that you find suspicious, don’t respond, click, or take any additional action. Stay safe this holiday season!