eDiscovery Daily Blog

Here’s an Example of a Phishing Email I Received and What I Did About It: Cybersecurity Best Practices

When you get an email from your boss asking you to help him with something, your natural tendency is to take it seriously and drop what you’re doing so that you can help.  But, if you’re not careful, you could find out that you’re the victim of a phishing email.  I got an email just like that yesterday – here’s how I was able to quickly realize what it was and avoid making a big mistake.

In case you’re not clear what “phishing” is, here’s a definition (straight from Wikipedia):

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.

You’ve probably seen plenty of emails that look like a legitimate entity (e.g., Apple, Amazon, various banks and financial institutions) where they tell you there’s a problem with your account and you’re directed to click on the link to provide your credentials again, or your account login or other account information.  You do, and they can take that info and wreak havoc from there.  That’s a phishing email and that’s pretty common.

Another type of phishing email is one that appears to come from someone you know (e.g., your boss or another colleague).  Again, they typically want you to click on a link or open an attachment that contains malware, which can then infect your system and, perhaps, your company’s network.  Sometimes, you may not even realize that malware has been “unleashed” until much later.  Or, they indicate that they need you to wire some money to pay a bill and give you the wire information.

So, yesterday, I got one of those types of phishing emails that looked like it came from my boss, Brad Jenkins, who is the CEO of CloudNine.  Here is what it said (bold italics used for emphasis, it was actually a plain text email):

Hello are you free at the moment?  i need you to get something done for me.

P.S. I am heading to a meeting right now and i won’t be able to receive call but i will be available by email.

Sent from my Samsung Galaxy smartphone.

Anybody who sends emails from their smartphones knows that we sometimes abbreviate, misspell, uncapitalize and so forth – phone email messages often have their own “email shorthand”, so the informality of this message seems consistent with that.  And, I could certainly see Brad sending me a quick message from his phone to ask for my help or a quick discussion – happens all the time.  But, then I see this at the top:

*** External Email ***

As I noted several months ago, at CloudNine, we mark any emails coming from an external source with an “*** External Email ***” marker inserted into the received email to help recipients identify such phishing attempts.  Because of that, I knew that wasn’t an email from Brad via his CloudNine email address.  That told me it was very likely a phishing email; in fact, I didn’t even have to open the email to see that, as the marker appears at the top, so I can see it in the three-line preview that Outlook shows in the Inbox.  If your organization doesn’t already do that, it’s a great way to help determine the origin of those messages that pretend to be from a co-worker.  In the meantime, you should confirm that any email that seems even slightly suspicious came from the purported sender by checking the actual email address or by asking your internal IT expert about it.  Better safe than sorry.
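As an added illustration (not CloudNine’s own gateway code), here is how a mail filter can do what the post describes: flag a message whose From address is outside the company domain, catch the display name of a known executive paired with an outside address, and prepend the “*** External Email ***” marker to the subject and body so it shows up in the Inbox preview. The domain, staff directory, and sample message are constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumptions (constructed, not CloudNine's real values): the organisation's mail domain,
# a small directory of staff display names, and the marker text quoted in the post.
INTERNAL_DOMAIN = "cloudnine.example"
KNOWN_STAFF = {"brad jenkins": "bjenkins@cloudnine.example"}
EXTERNAL_MARKER = "*** External Email ***"

# Constructed sample modelled on the message in the post: the display name says it is
# the CEO, but the address is a free-mail account outside the company domain.
SAMPLE_RAW = """From: Brad Jenkins <brad.jenkins.ceo@freemail.example>
To: doug@cloudnine.example
Subject: Quick favour
Content-Type: text/plain; charset="utf-8"

Hello are you free at the moment?  i need you to get something done for me.
"""

def sender_parts(msg):
    """Split the From header into (display name, address, domain), lower-cased."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name.strip().lower(), addr.lower(), domain

def triage(raw):
    """Parse a raw RFC 5322 message, flag external and display-name-spoofed senders,
    and prepend the external marker to the subject and text body of external mail."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr, domain = sender_parts(msg)
    external = domain != INTERNAL_DOMAIN
    expected = KNOWN_STAFF.get(name)
    # A known employee's display name on an address that is not theirs is the
    # impersonation pattern the post describes.
    spoofed_name = expected is not None and addr != expected
    if external:
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = f"{EXTERNAL_MARKER} {subject}"
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            body.set_content(f"{EXTERNAL_MARKER}\n\n{body.get_content()}")
    return {"external": external, "display_name_spoofed": spoofed_name, "message": msg}

if __name__ == "__main__":
    result = triage(SAMPLE_RAW)
    print("external:", result["external"], "spoofed name:", result["display_name_spoofed"])
    print(result["message"].as_string())
```

Running it on the sample flags the message as external with a spoofed display name and shows the marker as the first line of the body, which is what makes it visible in a preview pane without opening the mail.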

One other thing that I do if I’m unsure if the email came from the actual sender (if it’s purported to be from somebody outside my organization or I think it may be from a personal email address) is to contact them separately – not by replying to the email I received – but by either sending them a separate email to their known email address, or texting or calling them, and asking them if they sent the email.  Never reply to an email that looks suspicious.

By the way, this message had no link or attachment.  So, what were they after?  My guess is that they wanted to see if I took the bait and the next message was going to ask for me to “review this file” or “take a look at this site (link)” or “send a wire transfer to this address”.

Speaking of wire transfers, never send a wire transfer just based on an email, always get verification (preferably verbal) to confirm the request actually came from your boss.  That seems like a “no brainer”, but I’ve heard many stories of companies where employees did just that – only to find out that it was a phishing scam and the company was out tens of thousands of dollars.  Ouch!

So, what do you think?  Have you ever been a victim of a phishing email?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.