NOTE: If you have reason to believe that you have fallen victim to an attack and have provided your work account credentials, please let us know immediately at support.bedrock.com. Doing so will help us limit damage significantly.
There's a lot of money in online crime.
It's a simple fact, and because of that, the bad guys will constantly be finding new ways to fool people into giving up information or money. They evolve their attacks every hour of every day, so it's important to maintain a skeptical eye when reviewing the contents of your inbox (or the internet as a whole, really!).
Thankfully, there are a few simple ways to tell that what you're looking at in your inbox may not be 100% legit.
Were you expecting that email?
If the email you're reading seems a little out of left field, it's a good idea to reach out to the sender and ask them if the request is legitimate. When doing so, do not simply hit Reply and ask, as that will more than likely email the attacker. Reach out via a new email, a phone call or text, etc. to an address you know is valid for that person.
Who's it from?
Fake Display Name
Making an email appear to be from Bill Gates, Dwight D. Eisenhower or your immediate supervisor is incredibly easy, and this is one of the most common methods of deception used by attackers. Keep an eye on the address that email is actually coming from:
Mark Daniel <firstname.lastname@example.org>
That's someone named "Mark Daniel" (shown as what's called the Display Name), and his email address is "email@example.com". However, an attacker will try to make it look like the email is coming from within your organization, when in fact it's not, by making the Display Name an internal email address you may find familiar, or even someone else's name entirely:
Lana Kane (CEO) <firstname.lastname@example.org>
Lana Kane (CEO) <email@example.com>
In the above examples, the real email address of the sender is "firstname.lastname@example.org" or "email@example.com", however they've put something you recognize (or even a valid email address) as the display name, hoping that the recipient (you) will see that and trust that the email is legitimate. It's not.
Another popular attack seems to be a domain name purchased by the attackers in an attempt to deceive its recipients (domains are very inexpensive—as little as $8). We've seen the following:
Obviously purchased to appear similar to our domains, emails can easily be sent from accounts on those domains that look very similar to actual employees of ours (i.e. firstname.lastname@example.org).
Where's that link sending you?
So you get an email that contains the following:
Hey, that's my email address! It sounds important, and it looks pretty safe and legitimate, right? Of course it does: the bad guys are trying to get you to click on something that appears to be from Bedrock system administrators (or our email vendor, Microsoft, in this case) and log into "your" email system to fix a "problem". The link is, after all, pointing to office.com, which is owned by Microsoft, so clicking on it is safe, right?
If you hover over that link with your cursor, you'll see where it's actually going to send you (hint: it's not www.portal.office.com):
(If viewing the email through a browser, you may see the link destination in the bottom left corner of your browser window).
As you can see, clicking that link will actually take you to bubblegumbakery.com, which is more than likely a compromised website or a site set up specifically to fool people into giving up their work credentials, or other nefarious purposes. But, most tellingly, it's not sending you to the site that the link indicates it's sending you to.
If you're ever even slightly suspicious about where a link is going to take you, please don't hesitate to reach out to Bedrock Support. We'll gladly vet out the link and let you know if it's safe or not.