What Does a Phishing Attack Look Like?

Phishing attacks are one of the top tools cybercriminals use today. In fact, 93% of successful cyber attacks involve either phishing or some form of social pre-texting.*

It's easy to take for granted just how simple it is to pretend to be someone else online, but that's the core of any good phishing campaign. Phishing messages typically disguise the sender's identity, allowing the sender to pose as someone the recipient will trust. Exploiting that trust to gain valuable data, like an employee's Slack login as we'll see below, is how phishing attacks work. 

For example, take a look at this phishing email that appears to be from Slack:



Notice anything...fishy about this email? There are two indications that this email is a phony, and both are highlighted in this version:


The email address that sent this email is not Slack.com, it's Slrck.com. The landing page is also on Slrck.com.

First, if you look closely at the email address that sent the email (as opposed to the display name of the sender), you'll see that it's from Slrck.com, not Slack.com. Second, if you hover over the "Log In to Choose a New Password" button, you'll see that it also leads to Slrck.com.
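Both checks described above (the real sender address versus the display name, and where the link actually leads) can be automated in a mail filter or triage script. The following is an added example, not part of the original article; the trusted-domain list, the constructed sample message and the one-character edit-distance threshold are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"slack.com"}  # assumption: domains your organization expects mail from

# Constructed sample message modelled on the Slrck.com example in this article.
SAMPLE = """\
From: Slack <feedback@slrck.com>
To: employee@example.com
Subject: Reset your password
Content-Type: text/html; charset="utf-8"

<a href="https://slrck.com/reset?t=abc">Log In to Choose a New Password</a>
"""

class LinkCollector(HTMLParser):
    """Collects the real destination host of every <a href> in the body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Naive registered-domain guess (last two labels); real tooling would use
    # the Public Suffix List. One edit away from a trusted domain = lookalike.
    base = ".".join(domain.split(".")[-2:])
    return "lookalike" if any(edit_distance(base, t) <= 1 for t in TRUSTED) else "unknown"

def inspect_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])  # display name is attacker-chosen text
    links = LinkCollector()
    links.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    sender_domain = addr.rpartition("@")[2].lower()
    return {"display_name": display, "sender": (sender_domain, classify(sender_domain)),
            "links": [(h, classify(h)) for h in links.hosts]}
```

A one-edit threshold will also flag unrelated legitimate domains that happen to sit close to a trusted name, so treat "lookalike" as a reason to review a message rather than a verdict.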

The same applies on mobile: Below you can see the email address that sent the email is Slrck, and if you hold down any link in an email you'll see the pop-up below that shows the landing page domain and URL.


Here's what to look for on a mobile device to detect a phishing email

Corporations, enterprises, and many organizations around the world have started to use a variety of tools to combat phishing in corporate inboxes. This is great news, but cybercriminals are already starting to adapt by using messaging on popular social networks for phishing and targeting an employee's personal email accounts.

"Once [cyber attackers are] into your personal account, they could be loading malware onto the machine you use for both [personal and business email]," says Matthew Gardiner, Director of Product at email security company Mimecast.

Cybercriminals are always looking for the easiest way to attack your organization. As organizations around the world work to make today's popular phishing techniques more difficult for cybercriminals, cybercriminals will find new phishing methods to exploit employees.

That's why Pikotime created training software that allows security leaders to create a new lesson in just a minute or two. Pikotime's customers know that keeping training up to speed with the latest attacks is a critical part of securing an organization: Employees who know what the latest cyber attack looks like are an organization's single most valuable security asset.

*Verizon, 2018 Data Breach Investigations Report
