Check out this highly personalized and targeted phishing attempt one of our Bedrock employees received recently:
They even used our logo and created a footer that appears to link to our website!
There are a few telltale signs this email is a scam. First, there are several grammatically incorrect errors. Usually that's the quickest and easiest way to tell something may not be legitimate. Next, if you look closer at the "From" email address, it doesn't match with the sender's name. It shows as coming from bedrocktechnology.com Team, however, if you look closely at email address, it ends with a .biz instead of a .com. It's not even close to resembling a bedrocktechnolgy.com email address. Finally, another common sign of a phishing attempt is using social engineering: in this case, they are instilling a sense of urgency to the receiver. The email is marked as "high" and they are requesting to receiver to "resolve now." Overall, this particular phishing tactic is known as email spoofing, which you can read more about more here.
While absolutely no one is completely safe from receiving these kind of emails, no matter how sophisticated and up-to-date your technology is, it's important to remain proactive when fending off bad actors. Knowledge is power. Keep yourself and your employees up-to-date with training so that you are able to identify phishing attacks. If you're still not sure if an email that was sent was legitimate, you should ask the sender if it came from then via another method, such as a phone call, text, or separate email (do not reply to the sender in question). Additionally, a little cybersecurity 101 could go a long way by keeping operating systems up-to-date, using antivirus, and implementing a firewall.