The Exploit

Notes from the Front Lines of Penetration Testing

It Might be a Phishing Attempt . . .

It Might be a Phishing Attempt . . .

Written by

Hackers and cybercrooks use lots of tools to get into your network and steal your information, but the cheapest, easiest, and most common is still by email phishing. Effective spam and virus filters can shield you from a lot of these attempts, but certainly not all. The most effective way to protect yourself is to educate your team. Toward that end, here is yet another reminder about some tell-tale signs in an email that it might be a phishing attempt. Of course, there are some other signs that tell you it’s definitely a phishing attempt.

  • If your CEO suddenly asks you to buy a ton of gift cards, it might be a phishing attempt. If she’s the type who also frets over the cost of paper clips, it’s definitely a phishing attempt.
  • If it’s a random news story from an outlet you don’t follow, it might be a phishing attempt. If the link points to http://mailorderbrides.someassemblyrequired.com, it’s definitely a phishing attempt.
  • If you see .ru in the email anywhere, it might be a phishing attempt. If it’s written in Cyrillic script, it’s definitely a phishing attempt.
  • If you vaguely remember your network admin warning you about the sender, it might be a phishing attempt. If she’s running toward you, waving her arms wildly, and shouting “nooooo!” it’s definitely a phishing attempt.
  • If it’s an unsolicited email, even from a reputable company, it might be a phishing attempt. If it’s from Facedook, Amazom, Microsfot, or Gooogle, it’s definitely a phishing attempt.
  • If your friend says she’s stranded in Japan, it might be a phishing attempt. If she hasn’t traveled outside the city since ‘N Sync broke up, it’s definitely a phishing attempt.
  • If it’s about your benefits or salary and you had no prior notice from HR, it might be a phishing attempt. If they misspelled HR, it’s definitely a phishing attempt.
  • If it’s from your significant other reminding you to bring home coffee, it might be a phishing attempt. It’s probably not a phishing attempt, but now you have a (lame) excuse if you forget.

 


Bonnie Smyre

Posted on

Categories:

Also by Bonnie Smyre

Human Vs AI Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Penetration Testing

Tailored, expert-led penetration testing services that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Ready to See Raxis One In Action?

See how we transform traditional pen testing into interactive security intelligence that keeps you informed every step of the way. From real-time attack progression to detailed remediation guidance, Raxis One gives you unprecedented visibility into your security posture as it’s being tested.