Phishing in Honduras — How Attackers Target Honduran Businesses and Employees
How phishing campaigns are crafted for Honduran targets, the warning signs every employee must recognize, and the technical and human controls that reduce phishing risk
Phishing is the starting point for the majority of successful cyberattacks against Honduran organizations. Ransomware infections, Business Email Compromise fraud, corporate espionage and data breaches almost universally begin with a phishing email that convinces an employee to click a link, open an attachment or enter their credentials on a fake website.
Understanding phishing is therefore not just a technical exercise — it is the foundational element of any organization’s cybersecurity program. An employee who recognizes a phishing attempt and reports it has stopped an attack in its tracks, at zero cost, before any technical control has had to engage. An employee who falls for a phishing email can trigger a chain of events that costs millions and takes months to recover from.
This guide explains how phishing campaigns actually target Honduran businesses and employees, the specific warning signs that distinguish legitimate emails from phishing attempts, and the combination of human and technical controls that reduce phishing risk effectively.
How Phishing Campaigns Target Honduran Organizations
Phishing attacks against Honduran targets are not generic spam — they are increasingly crafted with specific knowledge of the Honduran business environment:
Shipping and Customs Phishing
Honduras is a major export manufacturing country. Maquilas, agro-exporters and import companies receive high volumes of legitimate communications from customs authorities (SAR), logistics providers, shipping lines and freight forwarders. Attackers exploit this by sending fake shipping notifications, customs clearance alerts and invoice documents that appear to come from DHL, Maersk, SAR or regular logistics partners. These emails contain malicious attachments (fake shipping documents that install malware when opened) or links to fake portals that steal login credentials.
Banking and SAR Phishing
Attackers send fake communications that appear to come from Honduran banks (Banco Atlántida, Banco de Occidente, Ficohsa, BAC), the SAR (Servicio de Administración de Rentas) or the CNBS. These target both businesses and individuals with fake account security alerts, tax compliance notifications and regulatory update requests that steal banking credentials or install banking trojans.
Microsoft 365 and Cloud Credential Phishing
As Honduran businesses adopt Microsoft 365 and cloud applications, attackers target these credentials directly. Fake Microsoft login pages, SharePoint file sharing notifications and Teams meeting invitations that redirect to credential-harvesting sites are increasingly common against Honduran organizations.
Executive Impersonation (Spear Phishing)
Spear phishing is highly targeted phishing that impersonates company executives or senior managers to reach specific employees in finance or HR. Unlike mass phishing, spear phishing emails include specific details about the organization, the recipient and their role — making them much harder to recognize as fraudulent.
Warning Signs Every Honduran Employee Must Recognize
Phishing emails are designed to look legitimate, but they consistently exhibit warning signs that trained employees can identify:
- Urgency and pressure — “Your account will be suspended in 24 hours,” “Urgent action required,” “Immediate response needed.” Legitimate organizations rarely create artificial urgency in routine communications.
- Sender address mismatches — The display name says “Banco Atlántida” but the actual email address is on a domain that has nothing to do with the bank. Always check the actual sending address, not just the display name.
- Lookalike domains — Attacker domains that look almost identical to legitimate ones: gladiium.com vs gladiium-hn.com, microsoft.com vs microsoftonline-verify.com. Look carefully at every character.
- Generic greetings — Legitimate communications from your bank or employer usually address you by name. “Dear valued customer” or “Dear user” is a warning sign.
- Unexpected attachments — A shipping document you did not request, an invoice for a service you do not recognize, a “resume” when you did not post a job opening. If you did not expect it, verify before opening.
- Links that do not match their description — Hover over links (without clicking) to see the actual destination URL. If a link says “Click here to log in to your bank” but shows a URL like secure-login-honduras.com, do not click it.
- Requests for credentials or payment — Legitimate IT departments and banks never ask for your password via email. Legitimate vendors do not suddenly change their bank account via email without phone confirmation.
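Three of the signs above (sender address mismatch, lookalike domain, link text that differs from its destination) can also be checked automatically. The following is an added example, not part of the original guide: the `TRUSTED` allow-list, the function names and the sample message are assumptions constructed for illustration, reusing the lookalike domains quoted in the list.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: brand keyword -> domain that brand really sends from.
TRUSTED = {"microsoft": "microsoft.com", "gladiium": "gladiium.com"}
# Constructed message built from the lookalike domains quoted in the list.
SAMPLE = """\
From: "Microsoft Account Team" <alerts@microsoftonline-verify.com>
Content-Type: text/html; charset="utf-8"

<a href="https://secure-login-honduras.com/auth">https://login.microsoft.com</a>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL, '' when value is not a URL
    return (urlparse(value).hostname or "").lower() if "://" in value else ""

def findings(raw):  # warning signs found in one raw e-mail message
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"] or "")
    sender, out = addr.rpartition("@")[2].lower(), []
    for brand, domain in TRUSTED.items():
        genuine = sender == domain or sender.endswith("." + domain)
        if not genuine and brand in name.lower():
            out.append(f"display name says {brand}, sender domain is {sender}")
        if not genuine and brand in sender:
            out.append(f"lookalike domain {sender}, expected {domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        if host_of(text) and host_of(text) != host_of(href):
            out.append(f"link text shows {host_of(text)}, href is {host_of(href)}")
    return out
```

Calling `findings(SAMPLE)` reports all three signs; a message from a subdomain of a trusted domain whose link text is plain words reports none.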
Technical and Human Controls That Reduce Phishing Risk
Technical Controls
- Multi-Factor Authentication (MFA) — Even if an attacker steals credentials through phishing, MFA prevents them from using those credentials to access systems. This is the single most important control for mitigating the consequences of successful phishing.
- Email authentication (DMARC, DKIM, SPF) — Properly configured for your domain, these standards prevent attackers from spoofing your organization’s email address and help identify when partners’ domains are being spoofed.
- Advanced email security gateway — Filters phishing emails before they reach employee inboxes using reputation analysis, URL sandboxing (following links in a safe environment to check where they actually go) and attachment analysis.
- DNS filtering — Blocks connections to known malicious domains, so even if an employee clicks a phishing link, the connection to the attacker’s infrastructure is blocked before any damage occurs.
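For the email authentication control above, "properly configured" comes down to a few settings in the domain's SPF and DMARC TXT records. This added example (not from the original guide) audits a weak pair of records beside a corrected pair; the records are constructed for the reserved domain example.com, the function names are illustrative, and DKIM is not covered.

```python
# Constructed TXT records for the reserved domain example.com.
WEAK = {"spf": "v=spf1 include:_spf.example.com ?all",
        "dmarc": "v=DMARC1; p=none"}
FIXED = {"spf": "v=spf1 include:_spf.example.com -all",
         "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"}

def dmarc_tags(record):
    """Split 'v=DMARC1; p=none; ...' into a lowercase tag dictionary."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(record):
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["SPF: no v=spf1 record published"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        redirected = any(t.startswith("redirect=") for t in terms)
        return [] if redirected else ["SPF: no 'all' term in the record"]
    # A bare 'all' means '+all'; '+' passes and '?' is neutral for any sender.
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"
    if qualifier in "+?":
        return [f"SPF: '{alls[0]}' does not fail mail from unlisted servers"]
    return []

def audit_dmarc(record):
    tags = dmarc_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: no v=DMARC1 record published"]
    out = []
    if tags.get("p", "none").lower() == "none":
        out.append("DMARC: p=none only monitors, failing mail is not blocked")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        out.append(f"DMARC: pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        out.append("DMARC: no rua address, so no aggregate reports arrive")
    return out

def audit(records):
    """Audit one domain's records, given as {'spf': ..., 'dmarc': ...}."""
    return audit_spf(records.get("spf", "")) + audit_dmarc(records.get("dmarc", ""))
```

`audit(WEAK)` returns three findings and `audit(FIXED)` returns none.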
Human Controls
- Regular security awareness training — Effective phishing defense requires ongoing training, not a one-time session. Employees need to understand current phishing tactics, see real examples from the Honduran threat environment and practice recognizing warning signs.
- Simulated phishing exercises — Sending controlled phishing test emails to employees — crafted using the same techniques as real attackers — identifies which employees need additional training and measures the organization’s real-world phishing detection rate over time.
- Clear reporting procedures — Employees who suspect a phishing email need a simple, low-friction way to report it. If reporting is complicated, employees either ignore suspicious emails or handle them on their own — neither of which generates the visibility the security team needs.
Frequently Asked Questions — Phishing in Honduras
What should an employee do immediately after clicking a phishing link?
Disconnect the device from the network immediately — unplug the ethernet cable or turn off WiFi. Do not attempt to undo what you did or close browser windows — this can destroy forensic evidence. Contact your IT or security team immediately and tell them exactly what happened: what email you received, what link you clicked and what information (if any) you entered. Time is critical — the sooner the security team is notified, the faster they can contain any damage. Do not be embarrassed to report — attackers succeed because phishing emails are designed by professionals to be convincing, and everyone in the organization benefits from fast reporting.
How do attackers find specific information about Honduran employees to use in targeted phishing?
LinkedIn is the primary source. Attackers study employee profiles to understand job titles, responsibilities, reporting relationships and connections. Company websites reveal organizational structure. Industry directories and trade publications identify business relationships. Social media reveals personal interests that can be used to craft convincing lures. The best defense is awareness that this research happens and that any email can be targeted — verification of unexpected requests is always appropriate regardless of how convincing an email appears.
How does GLADiiUM’s phishing simulation program work?
GLADiiUM designs and sends controlled phishing test emails to client employees using the same techniques as real attackers — including templates crafted to resemble the specific phishing campaigns targeting Honduran organizations. Employees who click the test link see an immediate educational message explaining what just happened and how to identify the warning signs they missed. Aggregate results — which departments and employee groups had the highest click rates — are reported to management without identifying individuals, enabling targeted training investment.
Train Your Honduran Team to Recognize and Stop Phishing Attacks
GLADiiUM delivers bilingual security awareness training and phishing simulation programs specifically designed for the Honduran threat environment — with on-site delivery available in San Pedro Sula and Tegucigalpa.