You have been phished!

Don't worry: if you're on this page, your company is conducting a phishing campaign. Please read this page to learn how to stay protected from this type of attack.

You were redirected to this page because you clicked on a phishing email. Luckily, this is a simulated phishing attack performed to test your company's staff.


What is Phishing?

Phishing is a type of attack that involves an attacker sending a malicious email to your inbox. Sometimes these emails can be very convincing and are difficult to detect. When you click on a phishing email, a number of dangerous things can happen next.

  • Malware could get installed on your device.
  • Your credentials could get stolen.
  • Your computer's secrets could be taken, including crypto wallets and keys.
  • Or worse...

Your company requires that you do your best to detect these phishing emails and work with your IT / Security Team to report and block these nefarious emails. So how do you protect yourself from phishing?


How to identify phishing emails

  1. Who sent this email?
    Have you received a trusted email from this sender in the past? If not, is the email asking you to do something that you don't usually do, such as clicking on a link or opening a file?
  2. Does the domain name look right?
    Maybe the domain is misspelled in the sender's address. A common term for this is typosquatting.
    The domain "google.com" may be typosquatted to have the "L" character switched for the number one.
    This makes the domain "goog1e.com" look similar to "google.com" but they are completely different domains.
  3. Does the email come off as "Urgent" or "Emotional"?
    Sometimes an attacker will make it seem like you have to do something right away or you may get in trouble. This tactic is used to make you hurry so that you let your guard down and produce the outcome the attacker wants.
  4. Does the email want you to do something that is out of the ordinary?
    If you don't usually have documents you need to review called "Bonus.pdf" or "Benefits package upgrade.docx", then there's a good chance this is someone attempting to trick you.
  5. Does the email contain any attachments?
    Be wary of attachments, especially those with suspicious or unfamiliar names. Downloading these files can cause all forms of havoc on your computer, sometimes without you even noticing it.
  6. Does the email contain any links?
    Links are used by attackers to bring you to a web page that they control. They then try to harvest your credentials or steal your saved credentials for their benefit. Inspect each link you get before clicking on it by hovering over the link to see where it will actually take you.
  7. Does the email have misspellings or weird punctuation and/or grammar?
    Sometimes the language or grammar of the email can be out of the ordinary or may not make much sense. If this is the case, there is a good chance you should report the email.
  8. Trust, but verify!
    If you get an email from a colleague asking you to review some paperwork, or from a client asking you to change their banking information, it is smart to contact that person before performing any sensitive action. It doesn't hurt to double check with your supposed sender before doing what they request.
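
For IT / Security Teams triaging reported emails, the domain checks from steps 2 and 6 can be automated. The Python below is an added example, not part of the original page; the trusted-domain list, the character-swap table and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the organisation maintains its own list of domains it trusts.
TRUSTED_DOMAINS = {"google.com", "example.com"}
# Constructed, non-exhaustive table of digit-for-letter swaps (e.g. "1" for "l").
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown'."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS):
        return "trusted"
    normalised = domain.translate(LOOKALIKES)
    for trusted in sorted(TRUSTED_DOMAINS):
        if normalised == trusted or edit_distance(domain, trusted) <= 1:
            return f"lookalike of {trusted}"
    return "unknown"


def sender_domain(from_header: str) -> str:
    """Domain part of a From: header such as 'Name <user@host>'."""
    return parseaddr(from_header)[1].rpartition("@")[2]


def link_domain(url: str) -> str:
    """Host a link really points to, regardless of its display text."""
    return urlsplit(url).hostname or ""
```

An "unknown" result is not a verdict either way; it only means the domain is neither trusted nor close to a trusted one, so the remaining steps still apply.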

Moving forward!

Identifying a phishing email can sometimes be hard, but taking the extra time to inspect the email and following the steps outlined above may protect you and your company from a potential compromise.

We are sure that you will be able to identify the next phishing email your company sends out! Thank you and we hope you learned something that you can implement into your daily work life.
