The threat was disguised as a Starbucks gift card offer; clicking the link to download the gift card installed malware on users’ computers, which enabled the attack.
How Can You Identify a Phishing Email?
Phishing emails typically contain one or more of the following items:
- a request for the disclosure of a password or login name
- a link to an unfamiliar website (to find the true website, hover over a link without clicking it)
- a subject line with exclamation points
- an urgent request for immediate action with dire consequences for not acting promptly
- a generic greeting message
- spelling errors, poor grammar and/or improper use of capitalization
- no contact information
How Should You Handle a Suspected Phishing Email?
Recent studies have shown that the majority of people who fall prey to phishing emails usually respond in the morning, likely while sorting through email at the beginning of the work day when they may be less vigilant about scrutinizing suspicious messages.
The best way users can help protect against phishing attacks is to pay attention. Be vigilant in reviewing messages and delete any that are suspicious. “If in doubt, throw it out.” If the message is legitimate, the sender is likely to contact you again. And, if the offer seems too good be true, it probably is.