Real Life Encounter With a Phishing Email
Kishor Kumar
Pragma
- August 6, 2021
People are so preoccupied with work that they tend to pay minimal or no attention to the changes in various aspects of life. The purpose of this post is to show how easy it is for someone to gain control of your precious data through a phishing attack. Hint: All it takes is just one click.
The Encounter
Like any other day, I started my day with emails around 8AM before carrying on with my other duties. As I went through it one by one, I noticed an email from Geoff Leeming (Pragma’s co-founder) sent at 7 AM and marked IMPORTANT.
When I opened the email, it indirectly told me to “reply” to the email sent. That was when I realised that Geoff would rather send me a message via Google Chat than send an email if it was something of importance. Additionally, I noticed that the email from Geoff seemed to be odd as the domain “@pragmastrategy.com” was replaced by “@optonline.net”.
Right away, I knew I had to confirm the authenticity of the email. I immediately texted Geoff on Google Chat to enquire if he had sent the email. He soon replied that it was not him and confirmed that I had received a scam mail instead.
Geoff sent out an alert over Google Chat to the rest of the company to be wary of any odd emails received in his name. I was glad that I had informed him and refrained from responding to the fraudulent email.
A Possible Phishing Attack
It could have been a phishing email attack where the threat actor was trying to use email to lure the recipient into revealing personal information or clicking a malicious link. Usually, this is done by making the recipient believe that the message is from someone within their company or something they need from a third party.
Pragmatic Advice
If you do receive such emails, DO NOT REPLY OR RESPOND. Remember to mark it as ‘Phishing’ to strengthen the Phishing or Spam Filter. We strongly advise you to look out for the following warning signs:
Domain Name
Every company has its unique domain name after “@” in its email address. Employees must be aware of their company domain name. Most fraudulent emails find it hard to mirror the company’s domain name. Thus, it is easier for us to distinguish those emails from the rest. Nonetheless, it is always safe to confirm with the sender of the email through another medium (Eg. Google Chat or call that person) as there is a possibility that the scammers might have done a good job at perfecting the email address.
Content of Email
Most of these emails either ‘ask for a favour’ or want us to just ‘reply’ or ‘check’ for certain information. Scam emails vary from being extremely detailed with basic information to a simple ‘I need your help with this’. So, be cautious of fake links, technical terms and the real intention behind such emails.
Major Grammatical Errors
Usually, such emails contain grammatical errors and can be quite unconvincing at times. People who tend to read the first and last few letters in longer words are prone to not catching errors in the word mentioned in a scam mail.
When in doubt, do not respond to such emails. Alert your colleagues. An early announcement alerts your colleagues so that they are not taken by surprise through such scams.
When in doubt, do not respond to such emails. Alert your colleagues. An early announcement alerts your colleagues so that they are not taken by surprise through such scams.
Conclusion
I strongly believe that complacency results in one falling for cyber threats. Moreover, as basic knowledge in cybersecurity is rising around the world, I hope the public avoids such scams and threats. Do stay cautious at all times while using the internet as such attacks can ring your doorbell at any time.
- Related Topics | #RealLifeExample, incident response, Phishing, Social Engineering
Most Viewed Insights
