How to spot a phishing email

The editorial team at CSO was recently targeted by a phishing campaign. Had it succeeded, the person(s) behind it would have tricked us into installing the Zeus Trojan, which is financial malware. Luckily for us, our user awareness training took hold, and we used some basic logic to spot the scam. Here's an overview of the phishing message itself, and the thought process used to determine that it was a scam.

Image courtesy Steve Ragan

Does this look suspicious?

When this email arrived, the CSO editorial staff questioned it immediately. First, none of us had heard of Fiserv before, and Pat Evans was the name of an unknown person. The message is addressed to the main editorial team, but it was also sent to addresses that none of us had ever seen before.

The email's subject, which simply tells us that some sort of scanned file is being forwarded, is another red flag. Who would be scanning files and sending them to us? Why would anyone do that and not tell us to expect said scans? Finally, the email has a ZIP attachment, a file type known to be potentially malicious, along with DOC, XLS, EXE, and PDF.
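The same checks the staff applied by eye can be run over a raw message as a quick triage step. This is an added example, not part of the original article: the allow-lists, the `.test` addresses and the sample message are constructed assumptions, and only the name Pat Evans, the "scanned file" subject and the list of file types come from the text above.

```python
from email import message_from_string
from email.utils import getaddresses
from pathlib import PurePosixPath

# Assumed allow-lists for illustration; a real deployment would load its own.
KNOWN_SENDER_DOMAINS = {"partner.test"}
KNOWN_RECIPIENTS = {"editors@newsroom.test"}
# File types the article names as potentially malicious.
RISKY_EXTENSIONS = {".zip", ".doc", ".xls", ".exe", ".pdf"}

# Constructed sample message (addresses and attachment body are placeholders).
SAMPLE = """\
From: Pat Evans <pat.evans@sender.test>
To: editors@newsroom.test, stranger@other.test
Subject: FW: Scanned file
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="scan_001.zip"

constructed-placeholder
--b1--
"""

def red_flags(raw):
    """Return the red flags found in a raw RFC 5322 message, one string each."""
    msg = message_from_string(raw)
    flags = []
    for _, addr in getaddresses(msg.get_all("From", [])):
        domain = addr.rpartition("@")[2].lower()
        if domain not in KNOWN_SENDER_DOMAINS:
            flags.append(f"unknown sender domain: {domain}")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    strangers = sorted(a.lower() for _, a in rcpts if a.lower() not in KNOWN_RECIPIENTS)
    if strangers:
        flags.append("unfamiliar co-recipients: " + ", ".join(strangers))
    if "scan" in (msg.get("Subject") or "").lower():
        flags.append("unsolicited scanned-file subject")
    for part in msg.walk():  # visits every MIME part, including attachments
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in RISKY_EXTENSIONS:
            flags.append(f"risky attachment type: {name}")
    return flags

if __name__ == "__main__":
    print("\n".join(red_flags(SAMPLE)))
```

None of these flags proves a message is malicious on its own; as in the article, it is the combination that justifies stopping before opening the attachment.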

