Spot the Phish: Business Emails

Spot the Phishing Attempt - Cybersecurity Awareness

The images displayed below are a combination of phishing emails and real emails depicting potential business email compromise scenarios. Spot The Phish! Click on the images to zoom in.

 

Spoiler Alert: Answers are below.

Answer: Image 2 and Image 4 are the real ones. And the rest are phishes. Take a look below…

Image 1 details: The is an attempted phishing attack - the email asks for sensitive details of the employees to be sent to an external email address. Also, the sender tells the recipient not to “cc” him as by doing so the employee might send the email to the actual CEOs email address.

Tax Statement Request From CEO - Phishing Email Explained 1

 

Image 2 details: With every email that involves a call to action, there is bound to be a link to click or an attachment to open. In this case, it’s a link which passes our typical cybersecurity check. We’ve used an example company (Example, Inc.). In typical phishing emails, the link text is different from the mouse-over text. In this case that is not an issue. It looks like the email is taking you to the legitimate exampleinc.com domain.

Image 3 details: The sender is creating a sense of urgency to get the recipient to act quickly to send an international payment. This one is a phishing email.

Urgent International Payment from CEO Phishing Email Explained 3

Image 4 details: The only thing we can really analyze in this case is the link. The link is a gotomeeting.com link which is a popular webinar hosting site. Although we should always have our cybersecurity guard up, there’s nothing manipulated in the link and it looks legit.

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

New York Cybersecurity Regulation

Tough New Amendments to New York Cybersecurity Regulation Kick in Soon

Entities must take proactive steps to assess their compliance with the amended Cybersecurity Regulation and rapidly work to address any gaps …
federal trade commission

New FTC Rule Requires Vast New Range of Businesses to Report Data Breaches

Starting May 13th, a broad new set of businesses, ranging from car dealerships to mortgage lenders, will need to report certain data breaches to the FTC …
IT Risk Assessment

Uncovering Six Common Issues That Could Impact Your IT Risk Assessment

IT Risk Assessments play a critical role in protecting organizations against ever changing cyber threats …