Your company is participating in a Cyber Security Education Program.


This Corporate Facebook Phishing Attack included the following social engineering techniques:


  1. A corporate initiative that orders action (example: "Click the button below").
  2. Use of several corporate logos/images (example: Company and Facebook logos) to create familiarity.
  3. Spoofed domain associated with your company to appear official (example: <company>-fbbiz.lang-en.ca).


How to spot that this was a phishing email:


  1. Was this an email you expected to receive? No - Be cautious
  2. Was this communicated through a company all-hands from HR or the corporate marketing department?
  3. The sender's display name and email address were not consistent [name and email address do not agree] (example: Facebook Business <do-not-reply@secure-login.host>)
  4. The primary domain was not correct for Facebook (example: <company>-fbbiz.lang-en.ca is not associated with facebook.com).
  5. This email was/may have been filtered into your junk mail folder.
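
Checks 3 and 4 can also be automated at a mail gateway or in triage tooling. The following is an added example, not part of the original program material: it flags a message whose display name claims a brand while the sender domain or a link host is not under that brand's domains. The `BRAND_DOMAINS` allowlist, the function names, and `examplecorp` (standing in for `<company>`) are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: brands mapped to domains they legitimately use; extend per environment.
BRAND_DOMAINS = {"facebook": ("facebook.com", "facebookmail.com")}


def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def claimed_brand(display_name):
    """Return the brand named in the display name, if any."""
    name = display_name.lower()
    return next((b for b in BRAND_DOMAINS if b in name), None)


def check_message(from_header, links):
    """Return (finding, domain) tuples for checks 3 and 4 above."""
    findings = []
    display, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    brand = claimed_brand(display)
    if brand is None:
        return findings  # no brand claimed, nothing to compare against
    allowed = BRAND_DOMAINS[brand]
    # Check 3: display name and sender address do not agree.
    if not any(under(sender_domain, d) for d in allowed):
        findings.append(("sender-mismatch", sender_domain))
    # Check 4: link host is not under the brand's primary domain.
    for url in links:
        host = urlsplit(url).hostname or ""
        if not any(under(host, d) for d in allowed):
            findings.append(("link-mismatch", host))
    return findings


# Constructed sample built from the examples on this page.
SAMPLE_FROM = "Facebook Business <do-not-reply@secure-login.host>"
SAMPLE_LINKS = ["https://examplecorp-fbbiz.lang-en.ca/login",
                "https://www.facebook.com/business"]

if __name__ == "__main__":
    for finding in check_message(SAMPLE_FROM, SAMPLE_LINKS):
        print(finding)
```

The suffix comparison in `under` matters: a host that merely contains `facebook.com` somewhere in its name is still reported as a mismatch.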


“An employee is either an asset to your cyber security or a risk.”