Email Security Blog

Catch of The Day Insuphishent Funds

How to Spot a Fraudulent Email 

How fraudulent is this email? Let us count the ways! It looks harmless and seems to be from your payroll company, kindly alerting you about insufficient funds. The email sender is “Intuit Payroll Services”, and the email bears the Intuit logo and company trademark notes. Maybe there is more information in the attachment... Wait, don’t open that! 

PHEW! Good thing this company uses INKY. INKY Phish Fence instantly evaluated this email and immediately displayed the red warning banner before the recipient acted on the email.  

This prominent red banner at the top labels this email as “Danger!” Next to that you’ll see the sender’s email address exposed as secplan@munisacesteban.cl , which does not seem like a legitimate Intuit email address (FYI, “.cl” is the country code top-level domain for Chile). You don’t need to be an expert in domains to know this email is fraudulent because INKY provides even more information. Underneath that, the banner says, “Potential Sender Forgery, Brand Impersonation, and more...” with a clickable “Details” link.  

intuit-banner

Clicking the “Details” link lists exactly what is wrong with this email. INKY’s artificial intelligence, machine learning, and computer vision algorithms instantly analyzed the email and it triggered several warnings:  

  • Potential Sender Forgery 
  • Brand Impersonation 
  • Phishing Content 
  • Sensitive Content 
  • Invalid From Header 
  • First-Time Sender 

Notice that each warning has a short description, e.g., “Invalid From Header - The message does not have a valid From: header and is probably trying to trick you. These warnings protect and educate users. 

intuit-details-2

How to Protect Your Organization From Phishing Attacks 

If your organization used INKY Phish Fence anti-phishing software, all your employees would see these warnings on every fraudulent or suspicious message, even on the email they read on their mobile devices. Your colleagues would become educated to the phishing threats in their actual inboxes, not simulated phishing tests. 

Set up a demo today and ask about setting your team up with a free two-week trial to experience this yourself.  

Topics: