If you worked in a US company in the utilities sector and received an email notification telling you that you’ve failed your “Fundamentals of Engineering” NCEES exam, would you download the attached Word file to check what’s up? Would you do it even if you know that you took no such exam?
Would you tell yourself that maybe forgot to take it, maybe this was the notice that tells you that you forgot to take it, and now you’ve been failed for not attending? Would you think that they maybe sent the email to the wrong person/colleague and check the attached file for the name of said colleague?
APT attackers are counting on eliciting all those questions in workers’ mind and one of them swaying them into downloading and opening a malicious attachment.
Spear-phishing tricks
Proofpoint r ..
Support the originator by clicking the read the rest link below.
