Phishing

Phishing Scam: The Attack We Witnessed at Our Office

Douglas Personal Interest

With the constant news stories about computer hacking, online security breaches, and cyber security issues in general, you've no doubt heard the term, "Phishing."

If not, here's a quick definition...

“Phishing,” a type of cyber attack in which a hacker disguises him- or herself as a trusted source online in order to acquire sensitive information, is a common and technologically simple scam that can put your employees and business at risk.

Maybe this sounds like something that happens to other people? It would never happen to you, right?

Well, I might have thought that at one point too, but just recently a phishing attack landed in my inbox. Here's what the original email looked like:​

Phishing attack

Notice the subject line of this email: "Following -up" - Lines like this are often used to drop your guard. It helps disguise the email as part of conversation that you've already been having. "Maybe you just forgot about it?" is what the hackers hope you'll tell yourself. 

The email requested that I click a link. That's when I got suspicious. I've read enough about email scams to know that this is an easy way for hackers to infect my computer or gain access to my files.

When I saw that request, I immediately emailed the sender to confirm that this did indeed come from him:​

Phishing

Take note that this was a NEW email message. I did not respond to the previous one - I started a new message with a new subject line.

And guess what happened next?

I got a response to this email, apparently from my contact, saying, "I sent you the message not spam, thanks for checking."

Still not convinced, I called my contact to confirm one more time...

Speaking with him on the phone, I learned that he had no knowledge of this email. Someone had hacked his email account and was monitoring incoming responses as well as sending outgoing messages!

I share this story with you as a warning...

Hackers are getting more sophisticated and more devious in their attempts to perform cyber crime. If you receive any suspicious emails, double-check that they are legitimate (maybe by making a phone call as I did), before clicking any links or opening attachments.

Still, no matter how cautious we can be, there is always a chance of being hacked. If you want to talk about protecting yourself or your company from cyber crime, give our office a call to learn about your protection options.​