1. What is phishing?
A type of fraud in which a hacker attempts to gather
personal information by impersonating a legitimate
source or by sending users to a malicious website.
Hackers try to obtain information that could help them
pose as someone else, usually to steal money or
intellectual property. They also try to infiltrate an
organization’s network, stealing credentials, disrupting
critical processes or encrypting (locking) data and
making it inaccessible until ransom demands are met.
2. Phishers can create fake emails that
appear from someone you trust, such
as a bank, a social media website or
even from a Ruhrpumpen account.
With the uptick in ransomware infections that are often
instigated through phishing emails, it’s crucial to take
proactive measures to help protect yourself and the
organization’s security.
3. 10 things to watch
1
Don’t trust the display name of who the
email is from
Be sure to look at the email address to confirm the true
sender
6
Beware of urgency
The message may make you think there is an
emergency, they make you act without thinking, or urge
you to make an action like clicking on a link or opening
the attachment
2
Look but don’t click
Hover your mouse over parts of the email without
clicking, if the alternative text looks strange don’t click it
7
Check the email signature
Legitimate senders will include a full signature block at
the bottom
3
Check for spelling errors
A normal sender would care about spelling and
grammar, don’t you think?
8
Be careful with attachments
Attackers will trick you into opening or downloading the
attachment
4
Consider the salutation
Is it vague or really general? Is it addressed to “Dear
Sir/Madam” or “Valued customer”?
9
Don’t believe everything you see
It’s better to be safe than sorry, if you see something off
its OK to doubt (that Nigerian prince in trouble can wait)
5
Is the email asking for personal
information?
Legitimate companies do not ask for personal
information in the email
10
When in doubt, ask
No matter the time of day or the concern, report the
email to the IT department
4. The anatomy of a
phishing email
1. Email sent from
suspicious email address
2. Unsolicited attachment
3. Generic greetings
4. Text prompts you to
open attachment
5. Don’t rely on images, brand logos
and trademarks can be easily replicated
6. Toll free numbers that do
not match known numbers
5. The anatomy of a
phishing email
1. Email sent from a “good”
address, but unsolicited
2. Grammatical errors
3. Why do I have to go to a
website to see the message?
4. Checking the link. The alt text
tells us it leads to a strange link.
5. No signature, footer is a bit
off because it mentions
LinkedIn even when the
message was sent by “Donald”
6. The anatomy of a
phishing email
1. Email sent from a free gmail account,
weird name for an email address
2. Subject is about pumps, but not
exactly what someone would write as
Subject for an email
3. PDF attachment
4. No message contents
7. The anatomy of a
phishing email
1. Email sent from a legitimate
address inside Ruhrpumpen
2. Checking the other accounts,
we found someone using a
“bogus domain” (fake domain)
Hacker was messing with
a payment, tricking the
customer to make a
deposit to another bank.
8. How to spot a dangerous
email attachment?
Email attachments can be harmful, any type of file can be attached to an email.
85% of malicious emails have
these types of files attached: 7 Z
Other potentially dangerous attachments include:
Is the sender someone you recognize and trust?
Microsoft Office Packaging of files
File extensions could be
changed to .doc(1),
making you think it is a
Word Document but
instead it is a malware.
IMPORTANT
9. What to do?
Never give out personal or sensitive information based on an email
request.
Don’t trust links or attachments in unsolicited emails.
Hover over links in email messages to verify its actual destination, even if it
comes from a trusted source.
Instead of clicking on the link, search on your web browser (Google it!).
Be suspicious about phone numbers in emails. Use the phone number
found on a trusted directory instead.
Report these kind of emails
to the IT department