Most email services and security gateways run filters that scan incoming mail for keywords. When certain keywords appear alongside other suspicious signals, the message is routed to your Spam or Trash folder. But cybercriminals can slip past a keyword-based filter with one simple trick: synonyms. Attackers replace commonly filtered words with synonyms (words or phrases that mean the same thing), and this simple swap can carry a phishing email past the filter and into your inbox.
In a recent phishing attack, the cybercriminals replaced the term “invoice” with the synonym “Remittance Advice”. Because “Remittance Advice” is not a commonly filtered keyword, the phishing email can pass the security filter and land in your inbox. The email includes an image designed to look like an attachment. If you click what appears to be the attachment to download it, you are actually clicking an image that links to a phishing site.
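As an added example (not part of the original KnowBe4 alert), the following Python script shows why a keyword-only rule misses this lure and what a structural check catches instead. The two sample messages, the keyword list and the synonym table are constructed for the illustration; the structural rule flags an image wrapped in a link that points away from the sender's domain, which is the pattern described above.

```python
"""Keyword-only filtering vs. a structural check for the "image that looks
like an attachment" lure. All messages, keywords and synonyms below are
constructed for this example and are not a real filter's rule set."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keywords a naive filter scores on (constructed list).
NAIVE_KEYWORDS = {"invoice", "payment due", "wire transfer"}

# Assumed synonym table: phrases attackers swap in for a filtered keyword.
SYNONYMS = {
    "invoice": {"remittance advice", "statement of account", "payment notice"},
}

# Constructed sample messages: one phish using the synonym trick, one
# legitimate order confirmation that actually says "invoice".
SAMPLES = {
    "phish": {
        "sender": "ap@acme-billing.example",
        "subject": "Remittance Advice",
        "html": '<p>See attached.</p>'
                '<a href="https://login-verify.example.net/doc">'
                '<img src="cid:pdf.png" alt="RemittanceAdvice.pdf"></a>',
    },
    "legit": {
        "sender": "orders@shop.example",
        "subject": "Your invoice #4821",
        "html": "<p>Thanks for your order. Your invoice for 2 items totalling "
                "$41.20 is attached as a PDF. Track your shipment from your "
                "account page.</p>",
    },
}


def keyword_hit(subject, text, keywords):
    """True if any keyword appears in the subject or visible body text."""
    haystack = f"{subject}\n{text}".lower()
    return any(k in haystack for k in keywords)


def expand_keywords(keywords, synonyms):
    """Return the keyword set plus every known synonym for each keyword."""
    expanded = set(keywords)
    for k in keywords:
        expanded |= synonyms.get(k, set())
    return expanded


class LinkedImageScanner(HTMLParser):
    """Collects visible text, counts images, and records the href of any
    anchor that wraps an <img> (an image acting as a clickable 'attachment')."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.images = 0
        self.anchor_stack = []
        self.linked_images = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.anchor_stack.append(a.get("href", ""))
        elif tag == "img":
            self.images += 1
            if self.anchor_stack:
                self.linked_images.append(self.anchor_stack[-1])

    def handle_endtag(self, tag):
        if tag == "a" and self.anchor_stack:
            self.anchor_stack.pop()

    def handle_data(self, data):
        self.text.append(data)


def _same_org(hostname, sender_domain):
    return hostname == sender_domain or hostname.endswith("." + sender_domain)


def structural_flags(html, sender_domain):
    """Flags that do not depend on wording: a linked image pointing off the
    sender's domain, and an image-heavy body with almost no text."""
    scanner = LinkedImageScanner()
    scanner.feed(html)
    words = " ".join(scanner.text).split()
    flags = []
    offsite = [h for h in scanner.linked_images
               if urlparse(h).hostname and not _same_org(urlparse(h).hostname, sender_domain)]
    if offsite:
        flags.append("image_links_offsite")
    if scanner.images and len(words) < 20:
        flags.append("image_heavy_little_text")
    return flags, " ".join(words)


def classify(msg):
    """Run all three checks on one message and report what each one sees."""
    sender_domain = msg["sender"].split("@")[1]
    flags, text = structural_flags(msg["html"], sender_domain)
    return {
        "naive_keyword": keyword_hit(msg["subject"], text, NAIVE_KEYWORDS),
        "synonym_keyword": keyword_hit(msg["subject"], text,
                                       expand_keywords(NAIVE_KEYWORDS, SYNONYMS)),
        "structural": flags,
    }


if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, classify(msg))
```

The naive rule misses the phish entirely and fires on the legitimate receipt, which is exactly why keyword hits are only useful alongside other signals. Expanding the keyword list with synonyms helps only until the attacker picks the next phrase; the structural rule keys on what the lure has to do (a clickable image leading to a host the sender does not control) and so survives the rewording.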
Here’s how you can stay safe from scams like this:
- Never click a link or download an attachment in an email you were not expecting. Hover over a link or attachment icon first: if the address it points to is not the sender's, it is not an attachment.
- Watch out for uncommon language. For example, “Remittance Advice” is not a phrase you would expect in a basic transactional email. Unusual wording can be a sign that a phrase was substituted for a more commonly filtered keyword.
- When an email claims to include an invoice, look for evidence of the transaction outside the email. Do you have an unexpected credit card charge? Did someone in your family order something on your account? If the sender claims to be a vendor you know, confirm through a channel you already trust, such as their website or a known phone number, rather than anything in the message.
Stop, Look, and Think. Don’t be fooled.
The KnowBe4 Security Team