This means that this link is pretty trustworthy:
‘https://www.thesecurityfactory.be/services-creating-awareness-phishing/’
But these are a bit sketchy:
‘https://thesecurityfactory.be.attacker.com/some-page/’
‘https://attacker.com/thesecurityfactory-be/’
Also watch out for links that refer to domains that look very similar to the real one:
- thesecurtyfactory.be (the ‘i’ in ‘security’ is missing)
- thesecurityfactory.me (.me instead of .be)
2. The mail is sent from an unrelated domain. The domain part of an email address (everything after the ‘@’) follows the same rules as a web domain, so the same checks apply.
So watch out for mails coming from addresses in the form of
‘thesecurityfactory.be@attacker.com’
‘info@thesecurityfactory.attacker.com’
3. A sense of urgency. A phishing message wants you to act quickly, before you even have the chance to think about the contents of the message. Be wary of messages promising that you will gain something, or warning that you will lose something, if you don’t react quickly.
4. The message is uncharacteristic. The message requests you to take an action that is out of the ordinary for the sender. E.g.:
- Your bank asks you to provide sensitive information via mail.
- Your IT team asks you to download and install some tool from a mail attachment or from the internet.
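Points 1 and 2 boil down to one check: find the registrable domain (the last two labels of the host, or of the part after the ‘@’) and compare it with the domain you trust. The script below is an added example, not code from The Security Factory; it assumes a simple two-label rule (no public-suffix list) and uses the post's own sample links and addresses as input.

```python
from urllib.parse import urlsplit

TRUSTED = "thesecurityfactory.be"  # the post's own trusted example domain

def registrable_domain(host: str) -> str:
    """Last two labels: 'thesecurityfactory.be.attacker.com' -> 'attacker.com'.
    Assumption: no public-suffix list, so suffixes such as .co.uk are not handled."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance: a dropped, added or swapped letter scores 1
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_domain(domain: str, trusted: str = TRUSTED) -> str:
    if domain == trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    t_name, _, t_tld = trusted.rpartition(".")
    if name == t_name and tld != t_tld:
        return "lookalike-tld"   # thesecurityfactory.me
    if edit_distance(name, t_name) <= 2:
        return "lookalike-typo"  # thesecurtyfactory.be
    return "unrelated"

def decoy(trusted: str, *fields: str) -> bool:
    # trusted name outside the registrable domain: subdomain, URL path or local part
    needle = trusted.rpartition(".")[0]  # 'thesecurityfactory'
    return any(needle in f.lower() for f in fields)

def classify_url(url: str, trusted: str = TRUSTED) -> str:
    parts = urlsplit(url)
    host = parts.hostname or ""
    verdict = classify_domain(registrable_domain(host), trusted)
    if verdict == "unrelated" and decoy(trusted, host, parts.path):
        return "unrelated-decoy"  # attacker.com dressed up with the trusted name
    return verdict

def classify_sender(address: str, trusted: str = TRUSTED) -> str:
    local, _, host = address.rpartition("@")
    verdict = classify_domain(registrable_domain(host), trusted)
    if verdict == "unrelated" and decoy(trusted, local, host):
        return "unrelated-decoy"  # thesecurityfactory.be@attacker.com
    return verdict
```

A mail gateway or browser extension would apply the same logic; for a person, the takeaway is to read the host from the right, starting at the top-level domain.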
Now, if you have doubts about the legitimacy of a message, how should you react?
- First and foremost, do not engage with a message you do not fully trust. Do not click any links, and do not reply.
- Contact the sender via known and established channels.
- Did you receive a suspicious message from the bank? Contact them, for example, via phone. Those phone numbers are printed on official documents and can be found on their main website (look up the main website yourself, and don’t engage with the link in the suspicious message).
- Did you receive a suspicious request from the IT team? Contact your helpdesk via phone.
- Report it to your Service Desk. Preferably, create a new mail and include the suspicious mail as an attachment.
- Delete the suspicious mail.