My name is Matt Mulcahy.
I’m the Director of Business Development at ProSource.
And for National Cybersecurity Awareness Month — the month of October —
I wanted to spotlight a recent phishing attack against myself
and just walk through
some of the red flags your employees and stakeholders should understand
and be aware of when just working day to day in their email.
On my screen here, I have the actual email from Christie.
This is a person that I conversed with maybe a couple of times
a year, and just last week she sent me a very odd email
asking me to log in and check an eFax.
So right off the bat, this was unsolicited.
So that’s the first red flag.
Any time you get an unsolicited email asking you to click something or log in,
that should immediately fire some triggers in your mind that something’s not right.
So my first step in this instance was to respond
to Christie and say, “Hey, did you mean to send this?
Was this on purpose?” Just get validation from the employee that
this is indeed legitimate.
So very quickly, you know, within 10 minutes,
she responded to me and said, “Yes, it’s safe and secure to view.
All you have to do is log in with your email ID and pass to view the file
for security reason.” The second red flag here is the extremely broken English.
Knowing Christie, knowing how she types,
knowing that I’ve conversed with her, this didn’t make sense.
So right off the bat, I’m thinking that someone has access to her
email and is responding on her behalf.
The next step I took was to immediately pick up the phone and call Christie,
confirmed that she did not send this email, and had her change her password.
While we don’t manage the email for this specific customer, we still are
cognizant of all of our customers and how they interact with us.
And it's also important to understand that just because you have spam
filtering or antivirus filtering in your email,
when legitimate email accounts get compromised,
they use those as gateways to send to all of their contacts
and try to get their contacts to click on links and further grow
the web of compromised email addresses and spam all of the trusted contacts.
So just a couple of red flags here to understand.
Never click a link in an email that’s not expected.
If you are getting odd responses from a recipient
telling you to log into something, pick up the phone and call.
This is also a great way to avoid wire transfer fraud.
That’s very popular: using email from an owner to a Controller
or CFO asking for random wire transfers.
We see this a lot.
Pick up the phone and call.
Sometimes the bank will not catch that
and you’ll be out of a lot of money and have no reason for recourse.
So just quickly wanted to show a real world example that no one’s immune.
You have to train your staff to understand what the red flags are
when working day to day in email.
And that’ll help you protect your practice or organization from further compromise.
If you have any other questions or want to look at more resources
that we publish at ProSource, check out the link below. Have a great day.