Application Development Blog Posts
Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.
Showing results for 
Search instead for 
Did you mean: 
What's Changed about Phishing?


Simple things like sending an email are still the method of choice for cyber criminals to deliver malware, steal credentials or gain information from their target. Steadily increasing volumes of malicious mail are challenging us on a daily basis and each one of them can be vastly different but requires the same careful examination.


What does Phishing Look Like in 2021?


Phishing messages come in all forms. Recipients can receive classic artefacts which raise concern like inconsistent or no formatting, typos in every line of the textbody or colour-screaming layouts. These are just a few examples of emails that can “trick” a few inexperienced users but others, who diligently consume a regular basic security training, may not be so easily deceived.

Common technology of our decade like QR codes or shortened URLs are being adopted by attackers, giving their communication a look and feel very close to what benign interaction looks like in today's work life. Corporate design is being imitated to avoid the eyecatching indicators of earlier phishing campaigns. After clicking the bait, a login page from what appears to be a familiar account might appear and it becomes challenging make the right decision about whether to click on the link provided.


How to Proceed and Be Safe


We need to lean back a bit. In each of the aforementioned  scenarios, there is a gap between the legitimate email and a blatant attempt to break our security barriers. This is where judgement is critical.


Time helps. Do not rush through your emails. Especially, when prompted to interact. Keep your work inbox work exclusive. Do not use your work email address for any private endeavors like online shopping, travel booking or online banking.


Ask yourself the question: does this message even make sense? Here are some questions that might reveal an attack due to a lack of verified purpose and should be asked when a suspicious email comes through.


"Did I scan anything today?"

"Does my bank ever ask me to make changes to my account?"

"Am I expecting a delivery this week?"

„Did I give the online bookshop my work email address?”


For more information on SAP’s security strategy visit the SAP Trust Center.
Labels in this area