Home → Security Advisories → Email Security Advisories → Phishing
2.1. Phishing
We are continuing to see some activity on 'phishing emails', specifically where an email is received that at first glance appears legitimate but is not, and is instructing the recipient to take actions that will impact the company.
These emails may be crafted to appear to be from a valid institution, vendor, colleague or client. Some specific examples are below. The email may direct you to:
- Send confidential company documents
- Send a wire transfer
- Link you to a apparently legitimate site to collect your credentials or other personal info
- Open a file that may release a virus on your computer
- Solicit booking and ticketing services
- Ask you for your GDS credentials or other password information
We employ multiple layers of email filtering to detect these emails and block them before they reach you, but we cannot guarantee such an email will never reach you.
We have advised previously on the need for caution when handling any email attachment, email instructions or email website links.
Below is a friendly reminder on best practice.
- Always treat attachments and email links as potentially dangerous
- If you don't know what the attachment or email link is about do not open it
- If you do not recognize the sender do not open any attachments or otherwise follow any links or directions in the email
- Even if you do recognize the sender, be cautious – sometimes the email will be crafted to appear like it's from someone you recognize, even an institution, a client, your manager or your colleague, ask yourself:
- Is this a work/business related communication?
- Was I expecting to receive something from this vendor, client or colleague?
- Is the communication, link or attachment a type I typically receive?
- If I closely look at the sender address or website link is it in fact correct?
- Is the email requesting my personal login or password or other sensitive info? Never give these out
- If in any doubt at all, contact your manager or IT before you open an attachment, follow an email link, or follow any directions in an email. You can always reach out to itsupport@traveledge.com to ask us if a message is legitimate.
Thank you for your attention on this important aspect of email security
Examples of Phishing Emails
Example #1 - Email that seems to be from legitimate institution, even has the logo, but link is not to the correct website and the sent from email address is incorrect
Example #2 - Email that entices the user with claim to have pictures of the user, but the attachment is a virus
Example #3 - Request for last minute tickets from a client not known in past, awkward English language also sometimes a red flag
Example #4 - Wire transfer request, in this case appeared to be from manager, but close look at email (@traveledge.bizness.com vs @traveledge.com) showed it was not legitimate
Reference:
https://www2.arccorp.com/support-training/fraud-prevention/schemes/
https://www.us-cert.gov/ncas/alerts/TA16-091A
https://www.us-cert.gov/report-phishing
Search Travel Support
© Travel Edge. CST#1008676-10