Spotting Phishing Emails

Sophisticated phishing campaigns are currently targeting DAT customers. Malicious actors are impersonating DAT in an attempt to trick your users into clicking deceptive links, aiming to steal their login credentials and gain unauthorized access to the DAT platform.

DAT is aware of this attack and is actively working to mitigate its impact. We are communicating directly with you to ensure you have the necessary information to alert your users and prevent any compromise.

What's happening:  These phishing emails are designed to look like legitimate DAT communications. Their goal is to entice users to click an embedded link, which redirects them to a fake login page controlled by the attacker. This fraudulent page is designed solely to harvest user credentials.


Immediate actin for you and your users:  

  1. Alert your users IMMEDIATELY: Please disseminate this warning to all of your DAT users, emphasizing the critical need for vigilance.

  2. Reinforce phishing awareness: This is a crucial time to remind your users about the dangers of phishing and how to identify suspicious emails. Review the key indicators below with them.


How to identify phishing emails (key indicators to share with users):  Educate your users to look for these common red flags, present even in sophisticated phishing attempts:
  1. Check the Sender's Email Address: Pay close attention to the sender's email address (not just the display name). While phishing emails may attempt to mimic our email domain, dat.com, they often contain subtle discrepancies or irregularities upon closer inspection. Verify the authenticity of the sender's address before taking any further action.
    • Always check the full email address, not just the display name. Phishers often use addresses that look similar to legitimate ones (e.g., support@dat_one.com instead of a correct address like support@dat.com or no-reply@dat.com).
    • Be wary of generic senders or emails from addresses that don't match DAT's official domain (dat.com).
  2. Watch for Suspicious Requests or Content: Phishing emails typically contain requests for sensitive information or prompt recipients to take urgent actions. Be cautious of emails requesting personal data, login credentials, or financial details.

    • Generic greetings: Phishing emails often use vague greetings like "Dear Customer" instead of addressing the recipient by name.

    • Urgent or threatening language: Beware of emails demanding immediate action, threatening account suspension, or promising unrealistic rewards. These tactics create panic to bypass critical thinking.

    • Poor grammar, spelling, or formatting: While not always present, errors in language or inconsistent branding can be strong indicators of a fake email.

    • Hover over links before clicking:

      • Crucially, before clicking any link, hover your mouse cursor over it (on desktop) or long-press (on mobile) to reveal the actual URL.

      • Verify if the URL points to the legitimate DAT domain (e.g., your specific platform like YourCompany.dat.com, or a general dat.com address) or a trusted Microsoft domain (for O365 integrations).

      • If it's a strange, misspelled, or unexpected domain, DO NOT CLICK IT. Look for subtle misspellings or extra characters.

    • Requests for personal information: Legitimate companies like Awardco will never ask you to provide your password or other sensitive credentials directly via email.

    • Unexpected attachments: Be extremely cautious of unexpected attachments, even if they appear to be from a known sender, as they can contain malware.

Screenshot showing a phishing email using false urgency tactic
3. Do not click on or download embedded links and attachments::  Hover your cursor over any hyperlinks embedded within the email to inspect the destination URL. Phishing emails often contain malicious links that redirect users to fraudulent websites designed to steal personal information. Avoid clicking on suspicious links or downloading attachments from unknown sources.

Reporting the Phishing Email to DAT

To ensure DAT receives your report, please follow THESE  instructions on how to send us a copy of a suspicious email.

DAT will then take the necessary steps to report the email through our legal team to the appropriate channels and update our fraud protection website with the ongoing trend.

Stay Informed

To protect yourself and stay informed about the latest fraud trends, DAT encourages you to visit our fraud protection website at dat.com/fraud-protection. Here, you'll find valuable resources and updates to help safeguard your information.