With the holiday season rapidly approaching, the expectation is that the number of phishing emails will continue to rise. Phishing remains the number one method that cybercriminals use to distribute Malware, gain access to sensitive information, and steal information that they can then sell to make money. In fact, a recent statistic suggests that 91% of all data breaches started with a phishing email. For that reason, I take examples of phishing emails that I receive, or my coworkers receive, post them to the blog, and point out the things of which you need to be careful. I do this to educate folks about what the latest threats look like, what differentiates a good phishing email from a bad phishing email, and how to protect yourself from an attack. Below is an example of a phishing email I received back in June suggesting that I needed to attend a court hearing for evading taxes.

Before we dig into the nuts and bolts of this email, one thing that I want to point out is that this came to my work email address, not my personal email address. Second, this email ended up in my inbox and therefore made it through any spam and spoofing filters, which is moderately concerning. Third, if I were to categorize this phishing email, I would put it in the category of “meh.” Not terrible, not great, just “meh.” Onto the actual email:

  1. The first red arrow points to the email address that the supposedly legitimate email came from. As you can see, it is from an email address that is based in Germany. The first question that should come to mind is why is someone from Germany emailing me to let me know that I have evaded taxes here in the United States? Red flag # 1. The next question should be is why would the IRS email me to let me know I must be in court in 2 days (more on that later) at 11:49 PM at night? Red flag # 2. Whenever you encounter a suspicious email you can always examine the full details of the sender’s email address to help deduce whether the email is safe or dangerous, however please note that even a legitimate looking email address is not a guarantee of safety! Hackers employ a technique known as spoofing to foil even the experts.
  2. See the date that is circled in red of 6/17/17 at 3:30 PM? Yeah, the 17th was a Saturday and I am certain that no courthouses are open on Saturdays. If you read a bit further down in the email, you see it says that if I cannot attend, either I or my attorney must notify them in writing no later than 10 working days before the first hearing. I am no math major, but my “notice” came only 2 days before the hearing, thus I am already in violation.
  3. The body of the email isn’t terrible. It isn’t great, but it’s not terrible. It is fairly well written, with the exceptions of choosing poor dates and making deadlines that have already passed, it really isn’t bad and the wrong person could easily see this as legit, at least on the surface.
  4. The last red arrow points to a hyperlink where you can “Get Tax Notification.” This is where the danger lurks because once you click on that link, who knows what is going to happen? You might get infected with Ransomware or some other form of malware that does any number of things to your computer, none of which would be viewed as good. In fact, when I hover my mouse over the link, it shows me a link in Google Docs. Again, I am certain that the IRS doesn’t use Google Docs to house their tax notifications or a “list of documents that I would need to provide in court.” I may be wrong but I doubt it.

This is a good example of a phishing email that could be mistaken as legitimate. It does a decent job of “scaring” the reader into thinking that they have done something wrong, thus they need to open it and rectify the situation. With the holidays approaching, the common tactic is for cyber criminals to use fake FedEx and UPS tracking information to lure you to click on the link. Getting a package that you are expecting can be exciting and in that moment of excitement, you might be tempted to click on a bogus link and allow something bad to happen. When this situation arises, and you get that email with the tracking info, do yourself a HUGE favor: Hover your mouse over the link (or an email address) to see where it is taking you. If that link points to anywhere besides FedEx or UPS, (or is in any way what you don’t expect or think is right) DON’T CLICK THE LINK. Take an extra 30 seconds to ensure that the information is legitimate. Trust me, that 30 seconds will save you a ton of time, money, and headaches compared to blindly clicking on the link!

Always remember, whenever you have the least bit of doubt, even after availing yourself of the tips shared here, the best step you can take is avoid clicking on any link and or document in a suspicious email. Should you, thorough an abundance of caution, miss acting on a truly valid email, the sender will contact you again and you can always contact the sender by phone to verify that the communication is valid.

For more information on other Information Security topics, feel free to check out our blog at https://www.compassitc.com/blog. Till next time, stay safe out there folks!

Geoff Yeagley is the AVP of Marketing for Compass IT Compliance. Since joining Compass in 2013, Geoff has worked with numerous clients across several industries, including Merchants/Retailers, Healthcare, and Financial Institutions to assist them in assessing their Information Security program and complying with various Federal, State, and Industry Regulations. You can find Geoff on LinkedIn.