This is something I try and explain at every cyber security awareness session I run – what is a phishing email? The answer is constantly changing as the threat actors never stand still in their attempts to get us to infect our own computers.
I used to point to bad grammar and ugly English as an indicator of a phishing email, but the threat actors have access to ChatGPT, just like we do, so they get it to write their emails. Now they read perfectly.
Other things to look for are the “too good to be true”, the “do this or lose that” or “your delivery is delayed, click here” emails. Those messages can be spotted if you pay attention and are not rushed with your email, but again, those messages have become more subtle and harder to spot.
That is why I always read the articles on SANS Internet Storm Centre that examine the structure and delivery of a phishing email and the associated malicious package to see what we should expect.
You should have a look as well.
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT – SANS Internet Storm Centre
The Phishing Email
The phishing email in this example is a sales enquiry – how many of us get those? A new order – let’s click on it…
The article then takes us through what happens next and includes screenshots of the email, files etc. It does get technical, and you can stop reading when you get bored, but you will have seen what a current threat email looks like and what it is trying to get you to click on.
The malware that deploys in this case is a loader rather than the threat malware itself: the loader goes out to the internet and then installs the threat malware.
Your takeaway from this – distribute this article to your team so they too can recognise a phishing email or, better still, get you and your team onto one of our cyber awareness training courses. There are several options to suit all organisations.
Clive Catton MSc (Cyber Security)