Real or Fake?

Security Bytes recently posed this question on our Michigan SBDC social media pages. Below is a screenshot of a potential phishing email message, sans the sender information. So, is this real or fake?

And the answer is (insert suspenseful music and a dramatic pause)!

Honestly, it is tough to tell, which is the point of this particular example. Not all phishing emails are obvious. You have to really scrutinize the entire email. I left out the sender information intentionally to highlight the difficulty in deciding solely based on the message itself.

Red Flag Warning

I circled two items in red to highlight them as red flags that may indicate it is a phishing email. The first item circled in red is the Application No. 8675309 (I did obviously alter that number to protect the original email and bonus points to those who recognize the number).

The second item circled in red a link the email is asking you to click on. Most reputable organizations rarely include a link to directly access your accounts or to create new accounts. They will typically guide you to their website allowing you to choose your login option on the website.

To get back to the question at hand though, is this email real or fake? It was a fake email, better known as a phishing email. The tells were the two red circled items, the account number was not correct and the linked website was a malicious website that attempted to steal usernames and passwords.

For more on phishing and other cybersecurity topics, check out Small Business, Big Threat for more!