A brief glance through my Spam folder in MDaemon Webmail today reminded me of the need for ongoing education on the topic of phishing and Business Email Compromise (BEC) scams. Because businesses have already lost millions of dollars to these scams and continue to fall victim every day, it bears repeating that, while spam filters and secure email gateways continue to improve, no solution is 100% foolproof.
Today’s phishing example was scanned by MDaemon, determined to be spam, and placed in my Spam folder for review (MDaemon can also be configured to delete spam instead of placing it in the user’s spam folder).
Most of us will likely be immediately suspicious due to the all-caps “REMINDER!!!” at the top of the message, but what other phishing clues can you identify?
In this example, the scammer has used display name spoofing to make the message appear to be from DHL. Most large businesses such as DHL have policies regarding email communications. DHL’s fraud awareness policy, which you can read here on their website, states:
“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus.
Please do not open the attachment. This email and attachment does not originate from DHL.”
But for most of us who remain unaware of DHL’s policies, it’s important to know what to look for to avoid becoming the next victim of phishing scams.
Using the DHL example, I’ve labeled the items to look out for when reviewing a suspicious email.
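The display name spoofing described above can also be checked mechanically: compare the brand claimed in the From display name with the domain of the actual address. The following is an added example, not part of the original post and not how MDaemon scores spam; the `BRAND_DOMAINS` allow-list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumption: brand keyword -> domains that brand legitimately sends from.
# An organization would maintain its own list of brands its users deal with.
BRAND_DOMAINS = {"dhl": {"dhl.com"}}

# Constructed sample messages (not real mail).
SPOOFED = 'From: "DHL Express" <notice@parcel-notice.example>\nSubject: REMINDER!!!\n\nSee attachment.'
LOOKALIKE = 'From: DHL Support <info@dhl.com.parcel-notice.example>\nSubject: Parcel\n\nSee attachment.'
LEGIT = 'From: "DHL Express" <noreply@dhl.com>\nSubject: Shipment update\n\nHello.'


def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a true subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_from_header(raw_message):
    """Return findings where the display name claims a brand that the
    address domain does not belong to."""
    # policy.default decodes RFC 2047 encoded display names and exposes
    # each From address as an Address object (display_name, domain).
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return ["no From header"]
    findings = []
    for addr in header.addresses:
        # Whole-word match so "DHL" is caught but unrelated words are not.
        words = set(re.findall(r"[a-z0-9]+", addr.display_name.lower()))
        for brand, allowed in BRAND_DOMAINS.items():
            if brand in words and not domain_allowed(addr.domain, allowed):
                findings.append(
                    f"display name claims {brand} but the address domain is "
                    f"{addr.domain or '(none)'}"
                )
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, check_from_header(raw))
```

The lookalike case shows why the comparison anchors on the end of the domain: an address at `dhl.com.parcel-notice.example` contains the brand's domain as a prefix but is not a subdomain of it.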
No business is too big or too small to educate its users about phishing. After all, it only takes one user to open a malicious attachment and unleash malware vicious enough to take down an entire company. Learn more about how to avoid being the next victim by reviewing these 10 tips to identify a phishing email.