A few extra moments...

That's all it takes.

That's the difference between losing $3000 and not losing $3000.

Whenever you get a weird or unusual email and you're not sure whether it is a phish, ask yourself one primary question: Is this email the type of email I would normally receive from this sender?

If the answer is no, odds are it's probably a phish.

For example, you receive this email:




Not sure if it's a phish or not? Ask yourself the primary question: Is this email something I would normally receive from this sender?

Note the sender address ends in .za, which is the country code for South Africa. Would someone from South Africa know when your network password is expiring? Unless YOUR email address ends in @gauteng.gov.za the answer is probably no.

What other red flags do you see?

- generic greeting of Dear Staff (Would the passwords for the ENTIRE staff be expiring on the same day? I'm guessing no.)

- why say Network/Email password? (Do you know of any companies that use different passwords to do different things on that network: one password to access folders and files, one password to access email, one password to print something, etc.?)

- lack of punctuation (no period after expiring to end the sentence)

- multiple grammar errors (lots of random capital letters)

- very generic closing (if this was legitimate a specific name would be here, not this generic group name)


If you ask this question of every weird or unusual email you receive, you will not get hooked on anything the vast majority of the time. A few moments is all it takes to save yourself a potential world of trouble.

One of our users last year fell for a scam that should have been immediately obvious as not legit. A week later he woke up and found that over $3000 had been taken from his bank account, most likely by the scammers.

I say most likely because once we learned that money had been removed from his account without his knowledge or permission, we sent the issue to a law enforcement level and I haven't heard any details since then. But based on the timeline of events, it's safe to say the scammers took the money.

Please be careful out there. Attackers don't care about who you are, where you work, what your financial situation is, etc. You have something they want and they will do whatever it takes to get it and let you deal with the fallout.

Take a few moments and keep yourself out of trouble.







