Phishing emails remain a top social engineering tactic for cybercriminals. These emails may request recipients open an attachment, click a link, provide account credentials, transfer funds, or disclose sensitive information.

Phishing campaigns often impersonate known organizations, businesses, and individuals to convey a sense of legitimacy and convince targets to take a desired action (trick). In some cases, these email schemes claim recipients will receive rewards or assistance with their devices, or that they are helping to gift others (treat). Often, the emails that successfully pass through an email security gateway do not contain inherently malicious indicators, such as a link or attachment, and instead simply ask recipients to take an action. Examples of recent messages that attempted delivery to user inboxes can be found below.

Refrain from acting on any email request to transfer money or to change, or disclose employee information without verifying the request’s legitimacy by contacting the sender via a separate means of communication, such as by phone.

Maintaining awareness of the current tactics and techniques used by cybercriminals greatly reduces cyber risk. Some of the most common schemes in this category are invoice, gift card, and direct deposit scams. If you ever encounter an email that looks suspicious, better to be safe than sorry. If you need cybersecurity assistance, please feel free to contact us here at Cyber Command.