June 2020 Phishing Simulation

If you were redirected to this page, you probably fell for our phishing simulation. Don't worry, this was just a test – no passwords were captured, and your E*TRADE Liberty account is not in danger.

Phishing attacks continue to be extremely widespread and one of the most effective ways for a hacker to gain access to you and your company. SEM will periodically conduct phishing simulations to make sure that our business partners are aware of and up-to-date on the techniques used by cyber criminals. When it comes to security, your success is our success and vice versa.

This phishing simulation was designed to emulate an attack where a hacker sends out a targeted phishing campaign to customers of E*TRADE Advisor Services. As we review the "red flags" in this simulated attack, keep in mind that SEM has several resources to help keep you informed about cybersecurity:

Let’s review the specific “red flags” in this simulated attack:

Email:

Let's start by looking at the phishing email you received:

Screenshot of full email

Email Address

When you send an email, it usually carries a Display Name alongside the address. Most of the time your email client (e.g. Outlook) sets the display name for you, typically to your name, e.g. "John Smith". However, the display name is just free text chosen by the sender, so it can be set to anything at all. This phishing email used that to make the message look like it came from [email protected], with the display name set to E*TRADE.

As you can see, there is more to the email address. Look at the part on the far right, which contains the real sending address: [email protected]. This is not a legitimate E*TRADE address. If you receive email from E*TRADE, you should notice that this is not the address they normally send from. Even taken on its own, this address looks pretty phishy.

Screenshot: display name and actual email address

Email Content

Everything else aside, avoid clicking links in emails when you can. Instead, go to the website directly, by typing the address you already know or using a bookmark you saved earlier. In this case, you would go to the E*TRADE Liberty website (without clicking the link in this email) and look for any mention of a "policy update".

  • Generic Wording - The email only mentions an “update to our policies”. E*TRADE would almost certainly give more specific information directly in the email if they were actually updating a policy which affected their customers’ accounts.
  • Link URL - If you hover over the button (or long-press it on a phone), you will see a preview of the address the link actually opens. The text shown on a button or link and its real destination are set independently, so the preview is what counts. Notice that this one is similar to the phishy-looking email address, and it is definitely not the correct URL for the E*TRADE Liberty web site.
Email body:
Link URL:
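As an added example, not taken from SEM's simulation or the original page, here is a short Python script that applies the two email checks above to a raw message: it separates the display name from the real sending address, and it lists every link in the HTML body whose destination host is not under the brand's own domain. The sample message, its addresses and its URLs are constructed for this example, and the expected domain etrade.com is an assumption for illustration rather than something the page states.

```python
"""Flag the two email red flags discussed above: a display name that impersonates a
brand the sending domain does not belong to, and links whose destination host is not
the brand's domain. Added example; message, addresses and URLs are constructed."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message. The sender domain and link hosts are made up.
SAMPLE_EMAIL = """\
From: E*TRADE <alerts@etrade-liberty-notices.example.net>
To: advisor@example.com
Subject: Important update to our policies
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We have made an update to our policies. Please review it now.</p>
<p><a href="https://liberty-etrade.example.net/login">Review policy update</a></p>
<p><a href="https://www.etrade.com/help">Help center</a></p>
</body></html>
"""

# Domain the brand legitimately sends from and links to (assumed for this example).
EXPECTED_DOMAINS = {"etrade.com"}
BRAND_KEYWORDS = ("etrade",)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_matches(host, expected_domains):
    """True only if host is one of the expected domains or a proper subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def inspect_email(raw):
    """Return the parsed From header and a list of human-readable red flags."""
    msg = message_from_string(raw, policy=policy.default)
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = address.rpartition("@")[2].lower()
    findings = []

    # Red flag 1: the brand name appears in the display name (ignoring punctuation such
    # as the '*' in E*TRADE), but the real address belongs to some other domain.
    normalized_name = re.sub(r"[^a-z0-9]", "", display_name.lower())
    if any(k in normalized_name for k in BRAND_KEYWORDS) and not host_matches(
        sender_domain, EXPECTED_DOMAINS
    ):
        findings.append(f"display name {display_name!r} but actual address {address}")

    # Red flag 2: the link text says one thing, the href goes to a host outside the brand.
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content())
    for text, href in collector.links:
        host = urlsplit(href).hostname
        if not host_matches(host, EXPECTED_DOMAINS):
            findings.append(f"link {text!r} actually goes to host {host}")

    return {"display_name": display_name, "address": address, "findings": findings}


if __name__ == "__main__":
    for finding in inspect_email(SAMPLE_EMAIL)["findings"]:
        print("RED FLAG:", finding)
```

Run as-is, the script reports the display name / address mismatch and the "Review policy update" link, while the help link on a subdomain of the expected domain passes. The host check deliberately requires the expected domain to be a whole suffix (preceded by a dot), so a host such as etrade.com.example.net is not accepted.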

Landing Page

It is possible to be compromised just by clicking the link in a phishing email, for example if the page exploits a flaw in your browser or starts a download. Even so, it is worth knowing how to recognise a phishing web page, because many phishing attacks (including this simulated one) only succeed if you type your login credentials into the page. Let's look at some "red flags" on the phishing web page:

Screenshot of full landing page

URL

Look closely at the URL. The part after https:// and before the next / is the host name, and the rightmost portion of it (e.g. example.com) is the domain that someone actually registered. Everything to the left of that is chosen freely by whoever owns the domain, so a familiar name appearing there proves nothing. You'll notice that this domain is not the same as the real Liberty web site's domain. It also looks pretty phishy on its own.

Also notice the lock icon. It only means that the connection to the website is encrypted and that the certificate matches the address shown in the bar. Anyone, including a phisher, can obtain a certificate for a domain they control, so the lock says nothing about whether the website itself is safe!

Phishing page domain:

Outdated information

Notice this information in the footer of the web page - it is outdated. The copyright is from two years ago.

Outdated information:

Password manager

If you have a password manager, you should have noticed that it did not autofill or suggest anything on this page. A password manager offers a saved login only when the site's domain matches the one the login was saved for, and a lookalike domain does not match. If your password manager stays silent on a page where it normally fills in your credentials, that is a reason to stop and take a closer look.

If you don't have a password manager, this is one of many reasons that they are a good idea!

LastPass had no suggestions:
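The following Python example is added here and is not part of the original page or of any product named on it. It serves two earlier points: the URL discussion (which part of the address identifies the site, and what the lock icon does and does not tell you) and the password manager point. It extracts the host from a URL the way a browser does, reduces it to the registered domain, runs a handful of lookalike addresses through that check, and shows why a vault that keys saved logins on the registered domain offers nothing on a lookalike. The real login URL, the lookalike URLs and the four-entry suffix list standing in for the public suffix list are all assumptions for illustration, and the vault is a simplification of real products, which differ in how strictly they match.

```python
"""Which part of a URL identifies the site, why the lock icon is a separate question,
and why a password manager keyed on the registered domain stays silent on a lookalike.
Added example; every URL below is constructed and the real login URL is assumed."""
from urllib.parse import urlsplit

# The real login site, assumed for this example (the page does not give the actual URL).
REAL_LOGIN_URL = "https://liberty.etrade.com/login"

# Tiny stand-in for the public suffix list: endings under which anyone can register a name.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def host_of(url):
    """Host part of a URL: after 'scheme://', before the next '/', ':' or '?'.
    urlsplit also lower-cases it and drops any 'user@' prefix, as a browser does."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in {url!r}")
    return host.rstrip(".")


def registrable_domain(host):
    """The part of the host that someone actually registered, e.g. 'example.net' for
    'liberty.etrade.com.example.net'. Only this part tells you who owns the site."""
    labels = host.split(".")
    for n in (2, 1):  # try a two-label suffix (co.uk) before a one-label one (com)
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return host


def same_site(url, real_url=REAL_LOGIN_URL):
    """True only if the URL's registered domain equals the real site's."""
    return registrable_domain(host_of(url)) == registrable_domain(host_of(real_url))


def is_https(url):
    """What the lock icon tells you, and nothing more: the transport is TLS."""
    return urlsplit(url).scheme == "https"


class ToyVault:
    """Minimal password-manager behaviour: a saved login is offered only on pages whose
    registered domain matches the one it was saved for. Real products vary in strictness."""

    def __init__(self):
        self._entries = {}

    def save(self, url, username, password):
        key = registrable_domain(host_of(url))
        self._entries.setdefault(key, []).append((username, password))

    def suggestions_for(self, url):
        return self._entries.get(registrable_domain(host_of(url)), [])


# Constructed lookalikes; each could pass for the real site on a quick glance.
CANDIDATES = [
    "https://liberty.etrade.com/login",                  # the real site
    "https://liberty.etrade.com.example.net/login",      # real name as a subdomain of attacker's
    "https://liberty-etrade.example.net/login",          # hyphenated lookalike
    "https://www.example.net/liberty.etrade.com/login",  # real name in the path, after the first /
    "https://liberty.etrade.com@www.example.net/login",  # real name as 'user@' before the host
    "http://liberty.etrade.com/login",                   # right site, but no lock
]


def classify(url):
    """Summarise the checks a careful reader would make on one address."""
    host = host_of(url)
    return {
        "host": host,
        "domain": registrable_domain(host),
        "same_site": same_site(url),
        "https": is_https(url),
    }


if __name__ == "__main__":
    vault = ToyVault()
    vault.save(REAL_LOGIN_URL, "advisor", "correct horse battery staple")
    for candidate in CANDIDATES:
        c = classify(candidate)
        print(f"{candidate}\n  host={c['host']} domain={c['domain']} "
              f"same_site={c['same_site']} lock={c['https']} "
              f"autofill={bool(vault.suggestions_for(candidate))}")
```

Four of the six candidates carry a lock yet resolve to example.net, and the vault offers nothing on any of them; the one plain-http address is the real site with no lock, which is the opposite case and shows that the lock and the domain are independent checks. The "user@" form is worth remembering: urlsplit, like a browser, treats everything before the @ as a username, so the host is whatever follows it.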