Prevent a phishing attack (Learn from an ACTUAL phishing attempt)

In this video, Matt breaks down an actual phishing attempt and discusses red flags to look out for. Get practical tips to keep you and your business safe!

Hey, everyone. My name is Matt Mulcahy. I’m the Director of Business Development at ProSource. And for National Cybersecurity Awareness Month — the month of October — I wanted to spotlight a recent phishing attack against myself and just walk through some of the red flags your employees and stakeholders should understand and be aware of when just working day to day in their email.

On my screen here, I have the actual email from Christie. This is a person that I conversed with maybe a couple of times a year, and just last week she sent me a very odd email asking for me to log in and check an eFax. So right off the bat, this was unsolicited. So that’s the first red flag. Any time you get an unsolicited email asking you to click something or log in, that should immediately fire some triggers in your mind that something’s not right.

So my first step in this instance was to respond to Christie and say, “Hey, did you mean to send this? Was this on purpose?” Just get validation from the employee that this is indeed legitimate. So very quickly, you know, within 10 minutes, she responded to me and said, “Yes, it’s safe and secure to view. All you have to do is log in with your email ID and pass to view the file for security reason.” The second red flag here is the extremely broken English. Knowing Christie, knowing how she types, knowing that I’ve conversed with her, this didn’t make sense. So right off the bat, I’m thinking that someone has access to her email and is responding on her behalf.

The next step I did was immediately picked up the phone and called Christie, confirmed that she did not send this email, and had her change her password.

While we don’t manage the email for this specific customer, we still are cognizant of all of our customers and how they interact with us. And it also is important to understand just because you have spam filtering or antivirus filtering in your email, when legitimate email accounts get compromised, they use those as gateways to send to all of their contacts and try to get their contacts to click on links and further grow the web of compromised email addresses and spam all of the trusted contacts.

So just a couple of red flags here to understand. Never click a link in an email that’s not expected. If you are getting odd responses from a recipient telling you to log into something, pick up the phone and call.

This is also a great way to avoid wire transfer fraud. That’s very popular using email from an owner to a Controller or CFO asking for random wire transfers. We see this a lot. Pick up the phone and call. Sometimes the bank will not catch that and you’ll be out of a lot of money and have no reason for recourse.

So just quickly wanted to show a real world example that no one’s immune. You have to train your staff to understand what the red flags are when working day to day in email. And that’ll help you protect your practice or organization from further compromise.

If you have any other questions or want to look at more resources that we publish at ProSource, check out the link below. Have a great day.
