Thinking like the bad guys is part of being in cybersecurity. Our ability to anticipate the moves of our opponents is essential, just like in a chess game – except with real business consequences. Drawing on my prediction of worse spam to come in 2020, I had been thinking about the “perfect” phishing email for some time… then, I saw it in the wild!
I had to share it with you, because the common red flags that we train our users to look for were not there. This speaks to the evolution of malicious email, which can now deceive even the most diligent of recipients. Among the first things we instruct our users to check for (even before proper grammar and references to foreign royalty 🙂) are:
- who it is from (the name, the address, the user name)
- what they are asking for / directing you to (the sign-in page, the bank transfer form, the video of your favorite celebrity)
But this particular hack leaves no indication that either is amiss, and results in the complete compromise of one of your most sensitive accounts – hence, the “perfect” phishing email. Read on to see how this is possible, and what to do about it.
The post The Perfect Phishing Email appeared first on Security Boulevard.