You get an email from somebody you seem to recognize or a familiar organization and as soon as you open the email, click on the link within the email, or download the attached file … all kinds of bad things start to happen.
Likely, you have just become a victim of an email phishing attack. The more sophisticated the hacker, the more likely it is a spear phishing attack, which is even more targeted to you or people like you.
I recently received something in my Spam (junk) folder that I deliberately removed from that folder – my first mistake. But, before I actually clicked on anything, opened anything, or downloaded anything, I started to see clues and warning signals.
This is the phishing attempt (above). The first thing I noticed is that the email was cleverly disguised although it should have come from ferc.gov but instead it came from fercgov.com. That’s the first clue.
I also noticed that some spacing was missing. There should have been a space between Commission and (FERC) and they made this mistake twice – first in the initial sentence and again in the signature block. Obviously, this is an automated copy/past job.
I also noticed a weird character: (FERC)Â which is not part of the normal, American, QWERTY keyboard. Something definitely was weird in this email.
Finally, I noticed that the grammar was simply off a bit. Moreover, the person who would likely send me a solicitation would probably be a contracting officer, not a Deputy Director of an agency.
I have to admit, I *almost* clicked on it. Everybody needs to situationally aware all the time. We can never let our guard down. We have to have a culture of security and an awareness of cyber security threats. We need to be forever vigilant against possible cyber security threats.