Let’s Catch A Phish: Rafiq A. Khurshid clicks on ‘Report as Spam’ first

June 23, 2021
Travel insurance? No thanks. Alert Aramcon spots misspellings, odd phrasing, and other clues.
The May phishing email test was a teaser about travel insurance plans supposedly sent from Community Services. Did you click on the fake offer? Rafiq A. Khurshid, an IT applications systems specialist with the Data Leakage Prevention Group in the Information Protection Department (IPD), was in no mood to be lured and was the first to report the email as spam.
That is two months in a row now that an employee in the IPD has remained vigilant and been among the first in the company to identify test emails as potential phishing attempts.
Inside knowledge or a hair-trigger finger? The latter, obviously, as the email had all the hallmarks of a phishing email test, including:
• A suspicious domain (community services <community-services@aramco.cor>)
• An attractive subject (“Aramco Travel Insuranse Plans”)
• A large, bright red external tag (“PHISHING ALERT”)
• Odd phrasing (spelling mistakes, including “Insuranse,” “ensuranse,” and “whether,” as well as grammar errors, such as “over 50 plan,” “the plan … which give you the option … ,” and awkward phrasing, especially “get some reimbursement.”)
• An embedded link (“Click Here”).
The top three positive performing areas
1. Strategy and Market Analysis
2. Exploration
3. Safety and Industrial Security
Thank you
The Information Security Department would like to extend its gratitude and appreciation to the top three positive performance organizations for their noticeable efforts in scoring the lowest negative behavior, along with the highest positive behavior, for the May simulated phishing email test. Such efforts reflect positively on Aramco cybersecurity user behavior and elevate the resilience of the company’s core business.