Your company is participating in a Cyber Security Education Program.


This Two Factor Activation (2FA) Phishing Attack included the following social engineering techniques:


  1. A lure email: an email sent beforehand with no malicious content, to lower your guard and lead you to expect the phishing email.
  2. The sender name shown on the email included your company domain (example: admin@yourcompany.com).
  3. The sender name included a <fake email> made to look like the "real" address and distract you; this is related to #2.
  4. A subject written to appear critical (example: Security Update/Action Required).
  5. A time limit (example: ... execute within 24 hours ...).


How to spot that this was a phishing email:



  1. The actual From email address (the "real" one at the end, after <fake email>) uses some random domain not associated with your company or any software product used (example: @reset-outlook.com is not associated with your company).
  2. The link provided points to a domain not associated with your company (example: reset-outlook.com), although the domain resembles a product you might use.
  3. This email was, or may have been, filtered into your junk mail folder.
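
The first two checks above can also be run automatically by a mail filter or a reporting tool. The following Python is an added example, not part of the original notice; the trusted-domain list, the sample message and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your company really sends mail from and links to.
TRUSTED_DOMAINS = {"yourcompany.com"}

# Constructed sample built from the examples in this notice (not a real capture).
SAMPLE = """\
From: "admin@yourcompany.com <admin@yourcompany.com>" <it-support@reset-outlook.com>
To: employee@yourcompany.com
Subject: Security Update/Action Required

Activate two factor within 24 hours: https://reset-outlook.com/activate
"""

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_trusted(domain):
    """True for a trusted domain or any of its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def phishing_indicators(raw_message):
    """Return findings for a single-part, plain-text message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    findings = []
    # Spot check 1: the real sender domain is not associated with the company.
    if not is_trusted(sender_domain):
        findings.append(f"untrusted sender domain: {sender_domain}")
    # Techniques 2 and 3: the display name shows an address from another domain.
    for shown in sorted({d.lower() for d in ADDR_RE.findall(display_name)}):
        if shown != sender_domain:
            findings.append(f"display name shows {shown}, sender is {sender_domain}")
    # Spot check 2: links that lead to a domain the company does not use.
    for url in URL_RE.findall(msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not is_trusted(host):
            findings.append(f"link to untrusted domain: {host}")
    return findings

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print(finding)
```

A message sent from a trusted address that links only to trusted domains returns an empty list.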


“An employee is either an asset to your cyber security or a risk.”