Last week, I had the pleasure of penning an article for AppRiver‘s corporate blog about a USAA phishing blast that has recently been spotted. The campaign in question masquerades itself as an official email from USAA and attempts a social engineering attack on unsuspecting victims for financial gain.This article was very popular and in fact was republished by various cyber security publications, including SC Magazine.
It was very exciting to have my work recognized in such a big way! The work that I do as an email security specialist is indeed very important to help protect business clients from phishing attacks and malware-laced emails. Below is an excerpt from the SC Magazine republication:
Two recent examples displayed by AppRiver show USAA customers receiving emails stating that either a pending transaction was cancelled or that their account must be updated.The goal is to obtain the customer’s USAA login credentials, Tolbert told SCMagazine.com in an email, adding that no other malware was downloaded. In order to garner a response from the victim, the malicious actor makes certain to clearly state that the new information is required to keep the account in question safe from being accessed by unauthorized personnel.
One takeaway from this article that I would like people to know is that phishing campaigns come in all shapes and sizes. They often range from blatantly obvious to very difficult to identify. Even experts like myself can sometimes have a hard time identifying a phishing email, but we have various tools and techniques at our disposal that can assist our efforts. For the average end user, it’s important to treat each email with objectivity and remain vigilant at all times. If an email appears suspicious to you in any way, proceed with caution. Double-check links before you click on them and be sure to avoid opening attachments unless you’re expecting an email with one.