This week our CEO received an email message, apparently from his bank. And he couldn't really tell if it was a phishing attack. What do you think?
The email certainly appears to be from the credit union. But the email sender and URL show a different company's URL. That's the hallmark of a phishing attack.
A trip to the website of the domain name in question shows that it's an add-on to a popular email marketing system. Produced by a company with yet another name.
This could absolutely be a phishing attack.
i.e. email should come from [our] email address, not another address
Their site further suggests:
Website links: The safest approach for dealing with email links is to not click the link at all. Logging directly into Online Banking [...] is the best way to access your account and any messages pertaining to your account.
Assuming the credit union is following their own guidelines, we can definitely conclude this is a phishing attack. They've said very clearly there should not be links in email messages they send, and not to click them, in any event.
Wouldn't it be easier to tell them just to make sure the link is also under the credit union's domain?
With e-Share Trusted Sharing and Secure Mail you can communicate securely and compliantly with anyone, anywhere - using your own domain name and SSL certificate.
Recipients can instantly know they're not being phished, because no third party URLs will appear. And our 100% cloud platform keeps documents and conversations out of insecure email infrastructure while providing fine-grained sharing options from requiring login to insisting on access codes, automatic expiration and much more. And it's entirely enterprise class, supporting SSO, auto-provisioning and full integration with O365, OneDrive, Dropbox, Box, GSuite and GDrive.
We just sent you an email. Please click the link in the email to confirm your subscription!