Many companies are currently seeing increasing reports of phishing mails that appear to come from superiors or the management. Particularly insidious: these messages are often worded as if they came directly from your own boss - with name, title and sometimes even the appropriate signature. The content appears urgent and confidential, for example:
"Hello, do you have a minute? I need your mobile phone number for an urgent matter."
What sounds harmless is often the beginning of a social engineering attack - in other words, an attempt to deliberately manipulate people in order to obtain confidential information or to cause even greater damage later on.
Why are these emails dangerous?
Identity misuse: Criminals pretend to be superiors in order to exploit the trust of recipients.
Data theft: The mobile phone number can be used to try to commit identity theft or bypass two-factor authentication, among other things.
Follow-up attacks: Once you have replied, you are often drawn into further fraudulent communication - e.g. with requests to buy voucher codes or make bank transfers.
How can you recognise such phishing emails?
Unusual e-mail address: The sender's address appears legitimate at first glance, but on closer inspection you can recognise small deviations (e.g. [email protected] instead of firma.de).
Urgency and confidentiality: The message demands immediate action, often with the instruction not to share the information with others.
Unusual enquiry: A superior does not normally ask for your private mobile phone number spontaneously by e-mail - especially not without context.
No personal style: The language often seems atypical or distanced, and is sometimes awkwardly worded.
No direct contact: Calling directly or making a personal appointment is avoided - because the sender cannot do this.
What should you do?
Do not release any data! Never send sensitive information by email or messenger without clearly verifying the sender.
Ask questions: If in doubt, always ask the person concerned by telephone or in person.
Forward mail: Report suspicious emails to the IT department or the responsible security office in the company.
IT security training: Inform employees regularly about current scams.
Conclusion
Phishing emails purporting to come from the boss are no longer an isolated incident, but a widespread trick used by cyber criminals. Vigilance, common sense and a quick check-up call can prevent a lot of damage.
Email security systems help
Early detection and filtering
E-mail security systems protect e-mail traffic by checking incoming e-mails for the following:
- Sender behaviour
- Language patterns (e.g. unusual formulations)
- Header information
- Anomalies in the domain structure (e.g. "firm4.de" instead of "firma.de")
Such emails are often blocked before delivery or moved to a quarantine area.
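The header and domain checks listed above can be sketched in a few lines. This is an added example, not code from the article or from any e-mail security product; the executive name, the sample messages and the mail.example domain are constructed, and firma.de / firm4.de are the article's own example domains.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "firma.de"        # the article's example company domain
EXECUTIVES = {"anna beispiel"}     # constructed display name of a superior

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Return (display name, lower-cased domain) of an address header."""
    name, addr = parseaddr(header_value)
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, domain = domain_of(msg.get("From", ""))
    _, reply_domain = domain_of(msg.get("Reply-To", ""))
    findings = []
    if domain != TRUSTED_DOMAIN:
        # Anomaly in the domain structure: one or two characters off.
        if edit_distance(domain, TRUSTED_DOMAIN) <= 2:
            findings.append("lookalike-domain")
        # A superior's name on a sender outside the company domain.
        if name in EXECUTIVES:
            findings.append("executive-name-external-sender")
    # Replies would be routed to a different domain than the sender's.
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages.
SPOOFED = ("From: Anna Beispiel <anna.beispiel@firm4.de>\n"
           "Reply-To: a.beispiel@mail.example\nSubject: Urgent\n\n"
           "Hello, do you have a minute? I need your mobile phone number.\n")
LEGIT = ("From: Anna Beispiel <anna.beispiel@firma.de>\n"
         "Subject: Meeting notes\n\nSee attachment.\n")
FREEMAIL = ("From: Anna Beispiel <boss.office@mail.example>\n"
            "Subject: Quick favour\n\nAre you at your desk?\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("freemail", FREEMAIL)):
        print(label, check_message(raw))
```

The From and Reply-To headers are set by the sender, so findings like these are one signal among several and are normally combined with the other checks in the list.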
As an accredited Hornetsecurity partner, we have access to the entire service portfolio, from e-mail security to backup and security awareness.
Your partner for e-mail security - Flying Supporter
Do you have questions about e-mail security?
We will be happy to help you.