This was a FAKE phishing email created by Adelia Risk, your company’s cybersecurity provider.
The goal of this test is to help train you and your colleagues to spot fraudulent emails so that we can better protect our employees, customers, and networks.
Had this been a real phishing email, it could have led to actual data theft!
Because you did not recognize the email as a phishing scam, we need you to review the information below so that you can better detect the signs of a fraudulent email.
With your help, we can stop cyber-criminals!
What is phishing?
Phishing is a scam in which cybercriminals try to trick you into doing something, such as giving them confidential or financial information. The attack begins when a cybercriminal contacts you by phone, text message, or via social media pretending to be a person or group that you know.
The message will try to entice you into taking an action such as clicking on a malicious link, opening an infected attachment, or sending a message with sensitive information back to the cyber-criminal. Although phishing messages are often well-crafted and can appear convincing, there are things you can look for to help you spot them.
How to Tell It’s Phishing
First, check the sender’s email address. The email says it’s “from” the CDC (Center for Disease Control), but that’s easy to fake. Here are some clues:
Lastly, if you hover your mouse over the link in the email, you’ll see that it doesn’t actually go to the CDC website, even though the link itself says it’s from the CDC.
This one was tricky! There weren’t a lot of clues in the email itself.
Hackers know this: they’ll exploit times of emergency and uncertainty to get your attention. This Time article provides a view of the scams that are happening right now and how to protect yourself from them: https://time.com/5806518/covid-19-scams
That’s why it’s so important to look at who sent any email that you receive from someone on the outside.
What to do if you think you received a phishing message
Most importantly, DO NOT RESPOND TO THE MESSAGE. You should also avoid clicking on any links or downloading, clicking on, or opening any attachments. Report the incident to the person in your company who handles IT and computers.
If you don’t know who to report this to, please call us at 888-646-1616 and we can help.
Other Warning Signs
CHECK THE EMAIL ADDRESS. If the email appears to come from a legitimate organization, but the “FROM” address looks non-professional, such as @gmail.com or @hotmail.com, this could be a phishing attack. Also, check the “TO” and “CC” fields – is the email being sent to people you do not know or do not work with? If you decide it looks safe to reply, double-check the email addresses before hitting send.
BE SUSPICIOUS OF EMAILS WITH GENERIC SALUTATIONS such as “Dear Customer.” If a trusted organization has a need to contact you, they should know your name and information. Also ask yourself, “Am I expecting an email from this company?”
BE SUSPICIOUS OF SPELLING OR GRAMMAR MISTAKES. Most businesses proofread their messages carefully before sending them.
BE SUSPICIOUS OF ANY EMAIL THAT REQUIRES “IMMEDIATE ACTION”. Look out for emails that create a sense of urgency or warn of a consequence if you do not respond right away. This is a common trick to try and rush you into making a mistake.
BEWARE UNSOLICITED REQUESTS FOR SENSITIVE INFORMATION. A legitimate organization will not make unsolicited requests for your personal information or login details.
BE CAREFUL WITH LINKS. Only click on links that you are expecting. Hover your mouse over the link so that it reveals the true address of where you will be directed if you click on it. If the true destination does not match what is displayed in the email, this is reason to be suspicious.
BE SUSPICIOUS OF ATTACHMENTS. Only download or open attachments you are expecting.
BE SUSPICIOUS OF ANY MESSAGE THAT SOUNDS TOO GOOD TO BE TRUE. No, you did not just win the lottery and no, you do not have a long lost relative of royal blood.
QUESTION SUSPICIOUS MESSAGES AND SOCIAL MEDIA REQUESTS, even those appearing to come from friends or co-workers. Your friend’s or co-worker’s computer may have been infected or their account compromised. If you get a suspicious request by email or social media, call the friend or co-worker directly using a phone number you trust. The cyber-criminal will often try to make the message appear as if it came from someone important in order to intimidate you into action. You should never worry about calling a co-worker, regardless of their position in the company.