Security News > 2020 > November > Detecting Phishing Emails
Abstract: Phishing scam emails are emails that pretend to be something they are not in order to get the recipient of the email to undertake some action they normally would not.
While technical protections against phishing reduce the number of phishing emails received, they are not perfect and phishing remains one of the largest sources of security risk in technology and communication systems.
To better understand the cognitive process that end users can use to identify phishing messages, I interviewed 21 IT experts about instances where they successfully identified emails as phishing in their own inboxes.
IT experts naturally follow a three-stage process for identifying phishing emails.
At some point, some feature of the email - usually, the presence of a link requesting an action - triggers them to recognize that phishing is a possible alternative explanation.
News URL
https://www.schneier.com/blog/archives/2020/11/detecting-phishing-emails.html
Related news
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)