Emails being sent from the bad guys have been increasingly hard to detect. These emails appear to be like any other normal email you’d receive.
If a business partner or an employee at an organization your company is working with has a security incident where their email account becomes compromised, the bad guys can hijack that account and send hundreds of emails out to anyone they can find in that person’s Address Book, Inbox, or Sent folder. Meaning you might get an email from a bad guy that appears to come from a friend, a business partner, or company you’re familiar with.
So, how can you distinguish the real emails from the malicious ones? Ask yourself:
- Was I expecting this email?
- Did I request or expect this attachment?
If you’re not asking yourself that question, then you’re asking for it.
Always remember: “When in doubt, throw it out!”