When cybercriminals send phishing emails or malicious attachments, they use various techniques to convince you to click on the link or download the file. One such method is to add all sorts of disclaimers to show that the link or attachment is trustworthy. As ridiculous as it sounds, this approach works. A person knowledgeable in information security might be wary, but employees with far less computer training might take the bait. Thus, we advise information security managers to organize regular meetings with their colleagues to discuss the schemes used by cybercriminals, including the most basic ones.
Obviously, there are several: each cybercriminal has his own. We have seen many very different examples, but it is mainly to adapt the following subjects: The attached file has been scanned by an antivirus (sometimes there is a logo). The sender is in an approved list. All links have been Job Function Email Database scanned by anti-phishing software. No threats were detected. Here is an example. This is a phishing email sent by cyber criminals trying to impersonate the support team. The goal is to convince the recipient to click on the link and enter their Office credentials.
To make the message more credible, a warning indicates that the sender has been verified.Even if phishing or malicious emails demand a quick response (in the example above, you are tricked into believing that you will no longer be able to access your work email address), you should respond differently. First of all, you need to ask yourself the following questions: Have you seen this warning before? If you've been with this company for a week or more, this is definitely not the first message you've received. Have your colleagues ever seen this warning in their work messages? If you don't know, ask a colleague with more experience or the IT team. Is the warning appropriate in this situation? It is true that a warning saying that the file or the link has been analyzed can be useful. If the sender works for the same company as you, why isn't their work email address on the safe senders list? In fact, modern email filters work the other way around: they flag potentially dangerous messages, not those that are in good standing.
