Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Phishing from Beyond the Grave...

    Eric Howes
    14 Sep


    Phishing_From_Beyond_The_GraveBy Eric Howes,  KnowBe4 Principal Lab Researcher.

    It's no secret that the threat of phishing emails has been growing at an alarming rate for a number of years. Indeed, ZDNet recently reported that 1 of every 100 emails is now malicious in one way or another, "likely to deliver malware, conduct spear-phishing, commit fraud or other activity conducted by cyber criminals."

    Thus, it should surprise no one that cybercrime has become an incredibly lucrative endeavor, pulling in an estimated $1 million per minute for malicious actors.

    Even we were surprised, however, to learn that cybercrime, driven largely by phishing attacks on softly defended organizations, is now so lucrative that even dead people are apparently getting in on the act.

    Consider this routine "fake invoice" phish, reported to us by one of our customers using the Phish Alert Button (PAB):

    clueless_IT-1

    We see large numbers of these phishes every day. Unfortunately, anti-virus scanners don't have a very good track record with the malicious attachments that often accompany them. In this case, however, Office 365 blocked the attachment as malicious:

    clueless_IT-2

    The user hit the Phish Alert Button (PAB), alerting his company's IT department. In a puzzling response, IT advised the user that the email in question was in fact legitimate despite the fact that Office 365 flagged the attachment:

    clueless_IT-3

    The user wasn't buying it, though. And his reasons for thinking the email malicious went far beyond Office 365's blocking of the attachment:

    clueless_IT-4

    To his credit, the IT guy finally saw the light...

    clueless_IT-5

    Our New-school Security Awareness Training advises users to watch for 22 different "red flags" that could indicate emails they receive are malicious. We must admit that we hadn't thought of this particular "red flag," and it is a big one: "The email is from someone who died years ago."

    If your users are well-trained and on the alert, though, they will be prepared for any eventuality -- even when they get phished from beyond the grave.

    Here is the full document with a list of red flags to watch out for. We suggest you share this with your users!

    22 Social Engineering Red Flags

     

    Return To KnowBe4 Security Blog

    Topics: Phishing

    Eric Howes

    ABOUT ERIC HOWES

    Read more from Eric »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews