#BeAware: Spear Phishing

15. May 2019

Phishing emails are still the main gateway for viruses, Trojans and other malware. They are also often used to gain access to the personal data of their recipients. A phishing email sent for the purpose of spreading malware can reach a computer in two ways: Either via compromised attachments or links designed to trick the recipient into visiting a compromised website.

Attackers who send out phishing emails are becoming more and more professional. Obvious spelling and grammar mistakes or outrageous stories of Nigerian princes whose fortune you are supposed to have inherited still exist, but have become the exception. Here is a list of things you should check in all your incoming emails:

  • Is the sender correct? Is the name spelled correctly and is the address after the @ correct?
  • Where does the link in the e-mail lead to? If you hover over the link with your cursor (without clicking!), the destination address is displayed next to the mouse or in the lower part of your browser window and you can check whether the link matches the content of the e-mail and the sender.
  • Does the content of the e-mail match the sender or is it too good to be true?
  • Does the attachment match the sender?

If you receive an email that you think might be suspicious, even in the slightest, do not click on any links or open any attachment, but forward the email to the appropriate contact person at your company. Your IT department will then be able to verify whether the mail really is a phishing attempt.


About #BeAware:
We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories