WARNING: YOU’VE FALLEN FOR A PHISHING SIMULATION!
Thankfully, this was not a real phishing email, but an authorized test by your organization. One wrong click could open the door to cyber crime for your employer, your coworkers, or your loved ones.
How to spot a potential phishing email?
This is not always as easy as it sounds. We hear people say, ” I would never fall for a scam” or “I don’t click on links”. But, it only takes one time to be a victim of a data breach.
In 2019 alone, 65% of U.S. organizations experienced a successful phishing attack (2020 State of the Phish, Proofpoint).
First things first. Look at the email address as well as the sender. Were you expecting something from the sender? Does the email address match the sender? Example, Magic City Systems will only use ‘@magiccitysytems.com’. A great option to check a company’s domain name is to type the company’s name into a search engine. Companies won’t use public domains such as gmail.
Some other things to watch for are spelling, both in name domains and the body of the email, grammar, suspicious attachments or links, and if the email causes a sense of urgency. See below slides for more in depth details on these methods.
The email below looks like it came from Amazon. It looks very real to the emails Amazon sends out. Notice even the sender says Amazon.com? This is a great example of how they trick people. Now let’s look at how to spot this next time to avoid a costly breach with this kind of phishing email.
Take a quick second and follow the slides below. (Click on slide to enable full screen.)
Spelling & Grammer
Often in a phishing scam, the domain is spelt wrong or slightly off. Example, instead of the letter (m) they may use (rn). Did you notice how the (r and n) placed together, at a quick glance, look like the letter (m)? john@rnailcarrier look a lot like john@mailcarrier.
If the email contains poor spelling or grammar it may be a phishing scam. Often scammers are dont grasp the
WHAT’S THE WORST THAT COULD HAPPEN?
In 2019 alone, 65% of U.S. organizations experienced a successful phishing attack (2020 State of the Phish, Proofpoint). But, what exactly happens when an organization experiences a phishing attack and how could it impact YOU?