Password phishing…another example
If you look at this, you will see a number of problems with this e-mail. Did you know that was BY DESIGN? This was designed to catch the people that don’t think too hard about it. Those people are less likely to realize that they gave their password away… which gives the bad-guys more time to steal their stuff!
Bad-Guy Playbook:
- Make something look legit enough to be real to someone that isn’t paying attention.
- Make it look like something that needs to be done now; no time to think!
- Make it look easy enough that it won’t take much effort to do.
- Make it understandable.
This example:
- Urgency – It expires TODAY! Better do it now…
- Looks like something you use and trust – ‘Look we are M-icros-oft’…trust us! (Yes, it actually said “M-icros-oft”)
- Has simple language – no big words, no punctuation
- Looks easy – ‘Keep same access’ <– easy right?
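The four tells listed above can be checked mechanically as a mail-filter heuristic. The Python below is an added example, not part of the original post; the brand list, phrase lists, function names and both sample messages are assumptions constructed for illustration.

```python
import re

# Assumed watch list of brand names; extend it for your own environment.
BRANDS = {"microsoft", "outlook", "onedrive"}
# Assumed urgency wording, modelled on the "expires TODAY" lure.
URGENCY = re.compile(r"\b(today|now|immediately|expires?|expired|urgent)\b", re.I)
# Assumed low-effort call-to-action wording, modelled on "Keep same access".
EASY_CTA = re.compile(r"\b(keep same \w+|click here|verify now|confirm now)\b", re.I)
# Tokens whose letters are split by separators, e.g. "M-icros-oft".
SEPARATED = re.compile(r"[A-Za-z0-9]+(?:[-._][A-Za-z0-9]+)+")


def score_message(subject, body):
    """Return the names of the phishing indicators found in one message."""
    text = f"{subject}\n{body}"
    hits = []
    if URGENCY.search(text):
        hits.append("urgency")
    # A brand name that only appears once separators are stripped is a
    # lookalike: the genuine spelling never matches SEPARATED.
    for token in SEPARATED.findall(text):
        if re.sub(r"[-._]", "", token).lower() in BRANDS:
            hits.append("obfuscated_brand")
            break
    if EASY_CTA.search(text):
        hits.append("easy_call_to_action")
    # Several words of body text without any sentence punctuation.
    if len(body.split()) >= 5 and not re.search(r"[.,;:!?]", body):
        hits.append("no_punctuation")
    return hits


def is_suspicious(subject, body, threshold=2):
    """Flag a message for review when enough indicators stack up."""
    return len(score_message(subject, body)) >= threshold


# Constructed sample messages (not real mail).
LURE_SUBJECT = "Password expires TODAY"
LURE_BODY = "M-icros-oft\nYour password expires TODAY\nKeep same access"
BENIGN_SUBJECT = "Team lunch on Friday"
BENIGN_BODY = ("Hi all, the Microsoft Teams invite for Friday lunch "
               "is in your calendar. See you there.")

if __name__ == "__main__":
    print(score_message(LURE_SUBJECT, LURE_BODY))
    print(score_message(BENIGN_SUBJECT, BENIGN_BODY))
```

No single indicator is proof on its own, which is why `is_suspicious` only flags a message when several of them appear together.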