Beware of new Phishing Email - Fake Attachments

25 July 2024

What is the phishing email and how does it work?

A phishing email is a fraudulent email that tries to trick you into revealing your personal or financial information, such as your login credentials, bank account details, or credit card numbers.

The phishing email that is currently circulating is made to look as if an important document is attached as a PDF file, but the attachment is actually a link that leads to a fake website that mimics a legitimate one.

[Image: sample phishing email 01]

If you click on the link, you will be asked to enter your login details for the website, such as your email account, cloud service, or online banking. The scammers will then use your information to access your accounts and steal your data or money.

How to identify the phishing email and avoid falling for it?

The phishing email may look convincing, but there are some signs that can help you spot it and avoid clicking on the link.

Check the sender’s email address and domain name. The phishing email may use a spoofed address that looks similar to a legitimate one, but has a slight difference, such as a misspelling, a different extension, or an extra character. For example, instead of admin@company.com, the phishing email may use admin@companny.com or admin@company.co.

Check the subject line and the message body. The phishing email may use generic or vague terms, such as “Important Document”, “Urgent Notification”, or “Please Review”. The message may also contain spelling or grammatical errors, or use an unusual tone or style.

Check the attachment link. The phishing email may use a deceptive link that looks like a PDF file, but is actually a web address. You can hover your mouse over the link to see the actual URL (see picture below), or right-click on the link and select “Copy Link Address” to paste it in a text editor. The URL may have a different domain name than the sender’s email address, or use a shortened or random string of characters.

[Image: sample phishing email 02]

If the information you receive is unexpected, or is not something you would normally receive from the sender, phone the sender directly before opening the attachment. Check whether this was something they meant to send and confirm how it is displayed.

Lastly, if you are still unsure after checking all of the above, it is best to check with your IT department first. They can advise whether it is safe to open.

What to do if you receive the phishing email or click on the link?

If you receive the phishing email, do not open the attachment link, and delete the email immediately. You can also report the email as spam or phishing to your IT department.

If you know the sender, you should also advise them of the email immediately, as they may not know their systems are potentially compromised.

If you click on the link, do not enter any information on the fake website, and close the browser window. You should also change your passwords for any accounts that may have been compromised, and scan your device for any malware or viruses. You should also contact your IT department to report the incident and seek further assistance.

How to Prevent Phishing Attacks by Educating Your Staff

One of the best ways to prevent phishing attacks is to educate your staff on how to spot and avoid them. By circulating this information to your staff, you can increase their awareness and vigilance of these malicious emails.

MindCache can also assist in providing modern solutions to enhance your staff’s training and awareness. MindCache can help you design and implement controlled phishing campaigns that target your staff with realistic and customised emails. These campaigns can help you measure your staff’s response rate, behaviour, and feedback to phishing attempts along with providing training for staff that require it. This can help reinforce best practices and identify any areas of improvement.

By combining these methods, you can create a culture of security awareness and resilience among your staff and reduce the risk of falling victim to phishing attacks. To learn more about how MindCache can help you, please visit our website or contact us today on 1300 154 651.