We have seen a few instances of a new credential phishing email that has been going out today. It is a classic example of a fake “password expiration” phish bait. While email services will start recognizing this soon and start to block them, it is a good example of what these look like so you can recognize them.

If you get an email telling you your need to reset your password, it is 99.99999% fake, and an attempt to steal your credentials. Don’t click on the link or button and delete the email.  If you can’t decide if an email is legitimate, forward the email to us and we can take a look at it.

In the graphic below, I have highlighted features of the email that tip off that is a phishing attempt.

Example of a credential phishing email with text bubbles

As this example shows, the bad guys are very sophisticated in crafting phishing emails.  As a result, employees are the weak link in an organization’s network security, circumventing anti-virus software, firewalls, etc.  In fact, 91% of successful data breaches started with a spear phishing attack. Employees need to be trained and remain on their toes with security top of mind.  Please visit our Get Started page to start the conversion about our platform for training your employees and testing them on an ongoing basis.