Indicators of Phishing/Whaling Attempts

Two women looking up at many cameras

Indicators of Phishing/Whaling Attempts

Some of you may already be familiar with the information I am about to share so this will serve as a refresh if you consider yourself savvy in these matters.

I want to send out a screenshot of a phishing email received by our CEO to inform you of some key indicators of phishing attempts when reading your email messages.

The screenshot in this article is a snapshot of a typical phishing email message. In it you will find the following indicators. You should become familiar with these types of indicators when reading your daily email messages.

  1. The To: address is to an old domain that is no longer in active use. Webhead no longer actively uses the web-hed.com domain.
  2. The email introduction indicates software as a service (Saas) that we use which is Office 365.
  3. The email introduction indicates a technical problem which many see as an immediate issue and denotes urgency: “You are out of storage space.”
  4. The content of the email contains a plausible threat, one that could affect productivity: “stopped from sending or receiving emails”.
  5. The content of the email contains a solution and a call to action to prevent that threat: “avoid your email being compromised” and “Enable More Storage”.
  6. The content of the email contains an authoritative message: “This is a mandatory communication”
  7. Lastly, the email contains a nefarious link. It is important that you do not click on the link immediately or at all if you have any suspicions. If you mouse over the link you will notice a link that is not legitimate. The link contains a base URL that is
    • Foreign: .ke (Kenya)
    • Unrelated: bobbypallphotography
    • Script launching: dundun.php (php is programming language and although you will come across legitimate links ending in php, the file name “dundun” is an onomatopoeia for a computer sound indicating an error. This is a less obvious indicator.)

    I hope you find this information useful and, please, practice care when reading through your email messages. Webhead actively employs spam and phishing controls to stem the flow of these types of emails, however they can still get through.