Here is an example of a phishing email. It might look completely normal at a glance.
Let’s take a second look.
Who is Autoresponder?
Why would Microsoft send me an email from Autoresponder?
Why did Microsoft mess up its logo?
Isn’t it a little weird to greet someone as a username?
Why wouldn’t my security team state their names?
All of these are questions that you should ask.
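The questions above can be turned into automated header and body checks. The following is an added example, not part of the original post: the sample message, its addresses, and the `BRAND_DOMAINS` mapping are constructed assumptions, not the email shown in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the email from the post); addresses are placeholders.
SAMPLE = """\
From: Autoresponder <noreply@mailer.example>
To: jdoe@corp.example
Subject: Microsoft account security alert

Hello jdoe,

Your Microsoft account password expires today. Confirm your account to keep access.

The Security Team
"""

# Assumed mapping of brands to the domains they legitimately send from.
BRAND_DOMAINS = {"microsoft": ("microsoft.com", "outlook.com")}

def phishing_flags(raw):
    """Return a list of reasons the message deserves a second look."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    _, recipient = parseaddr(msg.get("To", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    user = recipient.partition("@")[0].lower()
    body = msg.get_payload()
    text = (msg.get("Subject", "") + "\n" + body).lower()
    flags = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text:
            # The brand is named, but the mail comes from an unrelated domain.
            if not any(sender_domain == d or sender_domain.endswith("." + d) for d in domains):
                flags.append(f"claims {brand} but sent from {sender_domain}")
            if brand not in display.lower():
                flags.append(f"display name '{display}' does not name {brand}")
    # Greeting built from the mailbox name rather than the person's name.
    if user and re.search(rf"^(hello|hi|dear)\s+{re.escape(user)}\b", body, re.I | re.M):
        flags.append("greets recipient by username")
    # Signed by a team with no individual named.
    if re.search(r"^(the\s+)?(it\s+)?security team\s*$", body, re.I | re.M):
        flags.append("anonymous security team signature")
    return flags

if __name__ == "__main__":
    for reason in phishing_flags(SAMPLE):
        print("-", reason)
```

None of these flags proves a message is malicious on its own; together they are a reason to report it rather than act on it.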
Here is what your security team is looking into when you report the email:
Autoresponder resolves to the email shown above. I decided to spin up a sandbox browser to navigate to zella.biz safely. Admittedly, I wanted to test out my security tools, so I also clicked the link from my regular browser. ***DO NOT CLICK LINKS THAT YOU KNOW ARE MALICIOUS***
In this case, no guts, no glory. I’ve also been trained on how to respond to an infected asset and can risk an infected personal investment for education.
The link resolved to a cloned page that promoted a hoax, stating that the domain was for sale. Here is how we know this is a cloned site meant to imitate GoDaddy: the accurate site shows the status of the field as taken.
The fake site also boasted an unsecured domain validation status, which tells us the site is unsafe, especially for the average internet user.
When you receive an email or are surfing the internet, watch for these things, and you’ll be well on your way to securing your data.