I received this email this morning and I thought it would be a great example to point out the issues in the email that flag it as a phishing email.
Alright, here we have Jr. emailing us regarding an invoice. Two things off the bat, I’m not expecting anything from someone named Jr. and I have no idea what invoice I should be expecting. The last name Hade is not familiar to me. Next this attacker used Hello and Dear right after each other. This isn’t done. Then instead of using Jason to address me he uses my email address. Next looking at the attached PDF file name, which you should never open or download, the file name is just gibberish. The attacker didn’t even go to the bother of naming it “invoice” or anything that would make more sense. If we keep looking we see that their email is gibberish too and its from a gmail domain, who does legit business with a gmail address and not a real domain like bestbuy.com or something are slim.
Okay, so I know this is a phishing attempt, but what do I do with it? I could just delete it, but that doesn’t flag as something that gmail can research and prevent other users from getting this message. I could report spam, but it’s worse than just an unsolicited marketing email. This thing is malicious, so let’s see what gmail suggest.
Okay so I click on The three dots near reply and I can submit a phishing attempt.
After clicking on the message we get a pop-up that says…
And the email is removed from my inbox. We’re done. Great job and keep vigilant, Always be suspicious!