by Ignacio Martinez on March 1, 2018
In a previous post, I talked about email phishing — a scheme used by hackers to try to gain access to your sensitive information, by imitating or impersonating a legitimate organization. With phishing, the bad actor convinces you to key in your sensitive information which they then collect for misuse.
There is also a separate scheme known as spoofing, where the hackers create a nearly pixel-perfect message that tries to convince you to click on a button or download an attachment that actually contains a malicious payload.
While one scheme tries to “pull” information and the other attempts to deliver malicious software, both can be deployed and delivered in similar looking email messages. Although the messages can look convincing, there are ways to spot them. Today I want to take a look at some quick ways to see if a suspect message is legitimate or not.
Smartsheet will never email you to request sensitive data, such as passwords, credit card details, and social security numbers. However, malicious actors may use a very convincing email leading you to what appears to be a a Smartsheet login page or authentication page to entice you to either enter your credentials or to download malicious software to your system.
Our security team works continuously to evolve our automated detection and prevention processes, and we act immediately when alerted to suspected phishing or spoofing attacks to shut them down. Unfortunately, bad actors are continuously evolving their tactics, so we want to make sure that you have some tools to detect phishing or spoofing and avoid becoming a victim of such an attack.
Writers and Bloggers from Smartsheet.