{"id":88,"date":"2025-05-16T01:48:32","date_gmt":"2025-05-16T01:48:32","guid":{"rendered":"https:\/\/rjsecure.com\/?p=88"},"modified":"2025-05-22T18:24:34","modified_gmt":"2025-05-22T18:24:34","slug":"phishing-awareness-spotting-and-stopping-email-scams","status":"publish","type":"post","link":"https:\/\/rjsecure.com\/?p=88","title":{"rendered":"Phishing Awareness: Spotting and Stopping Email Scams"},"content":{"rendered":"\n<h3 class=\"wp-block-heading has-pale-cyan-blue-color has-text-color has-link-color wp-elements-59d0a538b76e794d22adc79f92b340e8\">What is Phishing?<\/h3>\n\n\n\n<p>Phishing is the fraudulent practice of sending emails or other messages pretending to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. These can come in many forms, in addition to email, such as SMS phishing through text message, voice phishing through voice calls.<\/p>\n\n\n\n<p>The three types of phishing campaigns are blanket phishing to try to get the lowest hanging fruit, then there is spear phishing which targets a specific individual or group of individuals, for example, targeting an organization by doing reconnaissance on them. Then there is a type of phishing that is a bit more critical, targeting executives in a company to try to gain privileged information, for example targeting a CFO or Chief Financial Officer to gain payment information for fraud.<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-pale-cyan-blue-color has-text-color has-link-color wp-elements-740c604d0694c83bc0a801925093e330\"> Example Phishing email impersonating PayPal<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1024x595.png\" alt=\"\" class=\"wp-image-92\" srcset=\"https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1024x595.png 1024w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-300x174.png 300w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-768x446.png 768w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1536x892.png 1536w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image.png 1538w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>As you can see, there are many indicators of a phishing attempt<\/p>\n\n\n\n<p>The email shows it is from Team Support, possibly PayPal support however it points to a malicious email address not affiliated with PayPal<br>The greeting is pretty generalistic as well as it has some grammatical errors in the text, legitimate emails would target the customer more instead of a general header<br>It tries to get you to click on the link to confirm your account information<br>Which will most likely redirect to their malicious website to have you log in and collect your credentials<br>If you did click on the link, and put in your credentials, it would most likely fail and then redirect to the legitimate paypal site but the damage would have been done and attacker has gotten the credentials<\/p>\n\n\n\n<h3 class=\"wp-block-heading has-pale-cyan-blue-color has-text-color has-link-color wp-elements-155dbad3415891a43c3edd490496aa93\">Example of an SMS phishing attempt<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"883\" height=\"1024\" src=\"https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1-883x1024.png\" alt=\"\" class=\"wp-image-93\" style=\"width:405px;height:auto\" srcset=\"https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1-883x1024.png 883w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1-259x300.png 259w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1-768x891.png 768w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/image-1.png 1206w\" sizes=\"auto, (max-width: 883px) 100vw, 883px\" \/><\/figure>\n\n\n\n<p>As you can see with this, this is a phishing text message impersonating USPS. The indicators of this are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the email address ending with a foreign top level domain (.ru) &#8211; \n<ul class=\"wp-block-list\">\n<li>This seems to be a throwaway email address using a malicious domain that the link might redirect to.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>There is also a spoofing USPS link, the official website for USPS is www.usps.com but this one says usps.com-packagesrpr.vip so this is a .vip top level domain not a com<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading has-pale-cyan-blue-color has-text-color has-link-color wp-elements-0398cb3737e0247ceeaeef8a0c6a6dff\">Phishing Prevention<\/h3>\n\n\n\n<p>There are many ways to prevent phishing attempts from compromising your account or organization:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Set up Multi-Factor authentication -&gt; This would require a second method to be inputted upon login so if an attacker DOES get your credentials to log in, they won\u2019t know the Multi-Factor\/MFA code. This should be phishing resistant such as a Authenticator App, Push Notification a pass key or a security key.<\/li>\n\n\n\n<li>Never click any links in an email from an untrusted source\n<ul class=\"wp-block-list\">\n<li>Recommended would even go further and never click a link or open an attachment until you reach out to the recipient directly to confirm what was sent to prevent known-user spoofing.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>For an enterprise, using an email security solution will prevent most of the phishing messages from getting to the users in the first place. \n<ul class=\"wp-block-list\">\n<li>Most home-based providers like Gmail, Yahoo, or Outlook have similar functionality to help prevent phishing emails from getting into your inbox.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>Below is an insightful phishing awareness video that also explains how to spot a phish and how to avoid being caught in the threat actors net.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Phishing - A game of deception - Cyber security awareness video - Security Quotient\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/WNVTGTrWcvw?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading has-pale-cyan-blue-color has-text-color has-link-color wp-elements-2fc04d2f7e6d5f653eaf0be85b0f1968\">Think You Can Spot a Phishing Scam? Test Your Skills! <\/h3>\n\n\n\n<p class=\"has-pale-cyan-blue-color has-text-color has-link-color wp-elements-eb11b06d911b6b51849b3e2304a48716\">Take a close look at the sample phishing email below and see if you can identify the red flags. Stay vigilant, stay proactive, and report suspicious activity to help make the digital world safer. Ready to put your cybersecurity instincts to the test? Let\u2019s dive in!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"645\" src=\"https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/60132649281bc3e6d0261408_office365-phishing-example-1-1024x645.png\" alt=\"\" class=\"wp-image-96\" style=\"width:711px;height:auto\" srcset=\"https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/60132649281bc3e6d0261408_office365-phishing-example-1-1024x645.png 1024w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/60132649281bc3e6d0261408_office365-phishing-example-1-300x189.png 300w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/60132649281bc3e6d0261408_office365-phishing-example-1-768x484.png 768w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/60132649281bc3e6d0261408_office365-phishing-example-1-1536x967.png 1536w, https:\/\/rjsecure.com\/wp-content\/uploads\/2025\/05\/60132649281bc3e6d0261408_office365-phishing-example-1.png 1966w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Question 1:<\/h3>\n\n\n\n<p>What is the indicator in the sender&#8217;s email address?<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>It shows as Microsoft<\/li>\n\n\n\n<li>It shows email-records.com which is a legitimate Microsoft email<\/li>\n\n\n\n<li>It shows email-records.com which is malicious<\/li>\n\n\n\n<li>None of the above<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Question 2:<\/h3>\n\n\n\n<p>The email says, &#8220;A high severity alert has been triggered&#8221; Is this a phishing indicator?<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Yes, creating urgency is a common phishing tactic<\/li>\n\n\n\n<li>No, legitimate companies often show urgency for all alerts<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Question 3:<\/h3>\n\n\n\n<p>What\u2019s the safest action if you suspect this email is a phishing attempt?<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Reply to the email asking for more details<\/li>\n\n\n\n<li>Report the email to your email provider and delete it<\/li>\n\n\n\n<li>Click the link to investigate further<\/li>\n<\/ol>\n\n\n\n<p class=\"has-ast-global-color-3-color has-text-color has-link-color wp-elements-6fa00264a2f7544b4a4e3e92232e92ce\">Answers: [Highlight below line to check answers] <\/p>\n\n\n\n<p class=\"has-ast-global-color-5-color has-text-color has-link-color wp-elements-d365e5fbafa7374b26ff82a421e8213f\">Q1:3 Q2:1 Q3:2<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p class=\"has-luminous-vivid-orange-color has-text-color has-link-color wp-elements-a7ef44304aa9b05f01b3d2bb024c8260\">~ Spotting a phishing attempt is half the battle\u2014stopping it is the victory. Your awareness is the shield against online deception. ~<\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is Phishing? Phishing is the fraudulent practice of sending emails or other messages pretending to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. These can come in many forms, in addition to email, such as SMS phishing through text message, voice phishing [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[10],"tags":[9,8],"class_list":["post-88","post","type-post","status-publish","format-standard","hentry","category-phishawareness","tag-cybersecurity","tag-phishingawareness"],"_links":{"self":[{"href":"https:\/\/rjsecure.com\/index.php?rest_route=\/wp\/v2\/posts\/88","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rjsecure.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rjsecure.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rjsecure.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rjsecure.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88"}],"version-history":[{"count":10,"href":"https:\/\/rjsecure.com\/index.php?rest_route=\/wp\/v2\/posts\/88\/revisions"}],"predecessor-version":[{"id":122,"href":"https:\/\/rjsecure.com\/index.php?rest_route=\/wp\/v2\/posts\/88\/revisions\/122"}],"wp:attachment":[{"href":"https:\/\/rjsecure.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rjsecure.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rjsecure.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}