The Connection Magazine AIM MUTUAL Spring 2020 | Page 30

PHISHING
PHISHING EMAILS
TO WATCH FOR
PHISHING EMAILS are a fact of life
these days. Death, taxes, and phishing
emails. Verizon’s 2019 Data Breach
Investigations Report lists phishing
attacks and the use of stolen credentials
(attained through phishing) as the top two
sources of breaches in the financial and
insurance sectors. 1
These emails come in a wide variety
of styles and techniques and attempt to
accomplish a wide range of goals. Some
are targeted and personal, while others
are generic and sent out to hundreds of
people at a time, hoping at least a couple
will fall into the trap. Some are trying
to pry a little bit of useful information;
others are trying to get into the system
by acquiring credentials or installing
malicious software attached to the
phishing email.
Robust security systems are a huge
asset in blocking these emails, but
some will inevitably make it through
to employees. Therefore, it’s vital for
employees to be well trained in what to
look for in potential malicious emails.
Start with the sender. Who did this email
come from? Was I expecting an email from
this person? Does the cadence seem
familiar based on prior communication?
At first glance, the name at the bottom
of the email might be a name you’re
familiar with. But did it actually come from
that person? Look closely at the “From”
address and the external sender warning.
Some emails are less sophisticated than
others. Example 1 is riddled with clues, but
here are some of the highlights from top
to bottom.
Example 1 - Quick Task
30