Community Feature - @SteveD3
Curated Intelligence's doyen of phishing - SteveD3 - analysed a recent email legitimately from Microsoft that looked suspiciously like a phishing email. The official communication from Microsoft to an Office 365 user's account looked very similar to phishing emails for several reasons. This highlights how users can mistake legitimate emails for attacks and more importantly - how attacks can be mistaken for legitimate emails.
https://steved3.io/data/When-legitimate-emails-look-suspicious/2021/09/12/
SteveD3 breaks down the email's components and analyses why a user may think it could be malicious, as well as the signs to confirm that it is legitimate communication from Microsoft. Overall, this blog does a great job in highlighting that organisations must cultivate security awareness through training programs and support if they are to get users to frequently report emails if they suspect anything unusual.
Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content let us know!