How to spot the red (and green) flags in a phishing email scam

Jon Tamplin

Cybercriminals are using more and more sophisticated methods to breach our defences, and phishing attacks have evolved to become more intricate and difficult to spot.

Cybercriminals don’t discriminate and even cybersecurity companies can be the target of their increasingly sophisticated attacks. This week we received a phishing attempt that is such a typical example that I couldn’t not share it.

In this blog, I’ll walk you through each stage of this real-life attempt, highlighting red flags along the way and pointing out the green flags that make it harder to spot.

So, here you can see a number of flags pointed out in the email we received:

[Image: the phishing email we received, with flags pointed out]

The attached Word document asks the recipient to scan a QR code with their phone.

The image below shows the document and several more red flags:

[Image: the attached Word document, with further red flags marked]

The malicious link led to a fake Microsoft 365 login page designed to mimic the genuine one closely. While it may appear almost identical to the real Microsoft 365 login, there are key red flags to watch out for:

[Image: the fake Microsoft 365 login page, with red flags marked]

Why smartphones pose a specific risk

Phishing attempts often include QR codes to be scanned with smartphones because:

  • Mobile browsers and apps might not display red flags (like suspicious URLs) as clearly as desktop browsers.

  • Smartphones may have fewer security features compared to corporate laptops or desktops, increasing the risk of successful phishing attacks.

  • Scanning a QR code is quick and convenient, encouraging impulsive actions without a thorough inspection.

This example highlights just why it's so important to educate your employees and remind them to stay vigilant for the subtle clues that give away this kind of attack attempt.
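Because a phone's browser may not show a suspicious URL clearly, the link decoded from a QR code can be checked by a mail filter or help desk before anyone opens it. The sketch below is an added example, not part of the original post or of any ThreatAware product; the trusted-host list, the brand words and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sign-in hosts this organisation expects for Microsoft 365.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com"}
# Assumption: brand words a lookalike host is likely to borrow.
BRAND_TOKENS = ("microsoft", "office365", "outlook")


def qr_url_red_flags(url: str) -> list[str]:
    """Return the red flags found in a URL decoded from a QR code."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").rstrip(".").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # In https://name@host/ the text before '@' is NOT the host.
        flags.append("userinfo-before-at")
    if host in TRUSTED_LOGIN_HOSTS:
        return flags
    flags.append("untrusted-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        # Punycode labels can render as look-alike characters.
        flags.append("punycode-label")
    if any(name in host for name in TRUSTED_LOGIN_HOSTS):
        # A trusted name used as a subdomain of someone else's domain.
        flags.append("trusted-name-embedded")
    elif any(token in host for token in BRAND_TOKENS):
        flags.append("brand-word-in-host")
    return flags


# Constructed sample URLs on reserved .example names, not taken from the email.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://login.microsoftonline.com@portal.example/signin",
    "https://login.microsoftonline.com.signin.example/",
    "http://microsoft-365-login.example/",
    "https://xn--constructed-label.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", qr_url_red_flags(sample) or "no flags")
```

An empty result only means none of these specific checks fired; it does not prove the page behind the link is genuine.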

How ThreatAware can help

ThreatAware offers a single source of truth for all devices accessing company data and ensures that every security measure is deployed correctly. This enables you to monitor and manage your security protocols simply and effectively, guaranteeing that every layer of defence is active – a vital part of maintaining a solid security posture across your entire IT landscape. If you’re looking to reinforce your cyber security posture, book a ThreatAware demo today.
