“Dear User”: Sorting Real Emails from Socially Engineered Phishing Attacks

Do you know how many people take the bait? Statistics are alarming. Take a look like Paula is analyzing her email load and #staycqure.

As Paula’s investigation gets underway, she discovers a link between the timing and contents of the email and an event that occurred in her real life. If the message is a cyber-attack, the threat actor has done their homework.

The email appears to be sent from a car rental firm Avis, but Paula finds several tell-tale signs that the company may have been spoofed. When she takes a closer look at the logo, email address, formatting and the way that the message is worded, things start to smell a bit phishy.

Suspecting that the pdf document attached to the email may be dangerous, Paula analyzed it with a security tool. The results revealed the exploitation of a vulnerability in Adobe. Had Paula opened the pdf in Adobe, the hacker who sent the email would have been able to establish a connection with her machine.

Remember always to evaluate the messages you receive, even the ones that pass through anti-phishing filters.

Do you want more phishing in action? Take new course from CQURE experts to created for all who want take a deep dive into social engineering and phishing.