No Phishing

Phishing By Setting Up The Phishing Message

ByMike McBride Reading Time: 2 minutes

I’m sure by now most of my readers have seen warning after warning about how phishers and hackers are taking advantage of our current situation. As more people find themselves working in odd situations, and with unfamiliar tools, they’re trying to get in and get us to let down our guard just a little bit. Case in point:

I was recently made aware of an email that was sent to someone I know. The email was sent to her work address, and appeared to be from the head of her organization with a relatively simple request. “Can you send me a number to text you some information?”

Doesn’t seem all that suspicious, does it? The immediate red flag it raised was that she had worked directly with this person for years and they’ve never communicated that way. He’s not big on texting.

That was it. That was the one obvious thing to question, which then got her to actually look at the email address, which wasn’t correct, rather it was something very similar to the correct email address, followed by gmail.com (i.e. Ron_Smith_abc_com@gmail.com instead of Ron_Smith@abc.com, which on a mobile device would not necessarily show up by default.)

So that was red-flag number two.

So I started thinking about what this message really was, considering similar email scams I’ve seen concocted by someone scraping law firm websites, sending emails supposedly from the Managing Partner, to new associates who maybe haven’t worked directly with that person much, with strange requests.

A couple of thoughts popped up

  1. The email didn’t include a link, or ask for anything more than a phone number. It was not, in and of itself, an obvious attempt at phishing.
  2. It did, however, request something a little out of the ordinary, but again, given the way companies are shutdown or working from home, different communication methods may not seem all that unusual right now.
  3. If she had replied, she would be giving the phisher her phone number, again not really a huge risk by itself.
  4. I suspect the actual phish would have come next. In a text message with a link, or some other attempt at getting her information.
  5. That attempt would have a higher likelihood of success, because it eliminates the one big thing we teach people about phishing, be suspicious of unexpected messages. This one would be expected.

Thankfully, in this case, it was out of character enough that it caused her to pause and raised a red flag. Would that happen with your team?

Remember, they don’t need every attempt to work, just one of the hundreds they can send to your employees, and all it takes is one of them being distracted right now.

 

 

Similar Posts

Linked: The Third Web
| |

Linked: The Third Web

ByMike McBride Reading Time: 2 minutes

Here’s the thing. I’ve been around the internet, and the Web, a long time. Long enough to remember when HTML was going to “democratize” publishing and when blogging was going to “democratize journalism” and when social media was going to be the thing that finally “democratized” the Web and gave everyone a voice.

None of that proved to be true. Each and every iteration of Internet technology eventually wound up with a couple of big winners, and some sort of monopoly.

What is it about Web3 that makes people think this will end any differently?

Linked: LastPass to Limit Usage of Free Version
|

Linked: LastPass to Limit Usage of Free Version

ByMike McBride Reading Time: 2 minutes

Full disclosure. I am a paid customer of LastPass. I have been for a number of years now. Why? Because this is one piece of technology that is worth paying for. There may be some other options out there that give you what you want for free, and there are, obviously, other paid solutions out there as well.

Upgrading Away

ByMike McBride Reading Time: 2 minutes

Lots of upgrading since last night. First it was the new version of Twhirl, 0.8 with the additional Friendfeed support. On my Vista desktop last night it had some stability issues after I first installed it and tried connecting to Twitter and Friendfeed at the same time. It crashed a couple of times on me,…

Linked: A fake, AI-generated blog reached the top of Hacker News
| |

Linked: A fake, AI-generated blog reached the top of Hacker News

ByMike McBride Reading Time: 1 minute

I’ve been at this blog for almost 19 years. Are you sure it’s still me writing these posts? Did I disappear and just leave it on autopilot to write posts for me long after I’m gone?

Are you sure you would know if I did?

Not everything is as it appears. We could all use a lot more skepticism, especially on topics we are already biased to believe.

|

Blaming IT

ByMike McBride Reading Time: 3 minutes

I saw this late last night, a post by Ron over at Strategic Legal Technology in response to a LexisNexis survey: Inside Counsel (April 2008) reports on a LexisNexis survey on information overload by professionals: ?77% of legal professionals? cite a clack of sufficient information technology tools to cope with the ever-increasing information burden.” Law…

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.