This Phishing Email Almost Got Me: Cybersecurity Best Practices

We’ve all gotten them.  Phishing (via email, text or other communication medium) is one of the most common ways that hackers try to get to your data.  According to the 2021 Verizon Data Breach Investigations Report (DBIR) (which I covered here), phishing was present in 36% of breaches (up from 25% the year before).  This week, one of them almost got me.

It was an email from a colleague asking me to “please review the proposal documents attached in the link below and let me know if we can work on this project together.”  While the email seemed like it was auto generated, it came from a colleague I know and even had my colleague’s email signature on it.  So, I clicked on the link to an RFP number, which was probably my first mistake.

That’s when McAfee popped up with a warning that indicated that it was a deceptive site.  So, I took a second look at the email and realized that it did look pretty phishy, er, fishy after all.  So, I decided to confirm that my colleague actually sent the email, which I did by responding to the original email, which was definitely a mistake.

And believe it or not, I got a response!  That response said: “Hi Doug,

Thanks for checking back with me. The attachment is from me, it is a project proposal for an upcoming project we’re working on. It is a secured document and I believe you’ll be required to login to review. Please let me know if we can work on this together.

Thank you.”

But it had no email signature this time and certainly looked generic.  So, I still wasn’t convinced that the request was legitimate.  So, I reached out to my colleague again – this time via text (finally a smart decision!) and my colleague confirmed that this was indeed a phishing email.

I looked up “phishing RFP scams”, which pointed me to this link from the Better Business Bureau (BBB) describing a similar scam which apparently targets small businesses in particular (though I think it could work on businesses of any size).  In the alert, they state: “The email may even have the company’s signature block with a real address and staff contact person” (which mine did).

The BBB alert has a few pointers for “How to Spot an RFP Scam”, which are useful.  In addition, I have two additional recommendations:

  • Never Respond to an Email if it Looks Fishy: That was a bonehead move on my part.  If you have doubts about an email sent to you, reach out to the person via other means (e.g., phone call or text) to confirm that they sent it.
  • Keep Your Virus Software Up to Date: Your virus software is there for a reason – to keep you protected.  Hackers are always coming up with new ways to get at your data, so it’s important to ensure that your virus software is set to automatically apply new patches to address those newer threats.  My virus software certainly saved me here.

So, what do you think?  Have you ever received a phishing email that looked real?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

4 comments

  1. Hi Doug – I received a similar email a couple of years ago. I was on the road, in a hurry, it seemed legit, and for good business purposes. I did what you did, replied, got a similar response, clicked on the response, and logged in. What ensued was one of the worst business horrors I could have imagined.

    The hackers took over my email, resetting my password and preventing me from communicating with anyone. They sent similar emails to my contact list and because I couldn’t respond they sent the autoresponder you mentioned. They used my email login to change access to my websites, and installed malicious code there. It took me several hours (in a hotel room) and a couple of weeks once I got home, on the phone with Microsoft (O365), my webhost, and a consultant to get it cleaned up, .

    Thank you for reminding everyone to watch out, phishing and malicious emails have increased significantly recently.

  2. You’re right, Doug – we’ve all had similar experiences I’m sure. The spammers/scammers are getting so sophisticated, it can sometimes be next to impossible to tell by just glancing at even a preview if the email is legitimate. I recently got an email (fortunately caught it) that got past my protection that had an almost exact replica of a major company’s logo. Thankfully, I had just read that’s an increasingly common tactic, so is just another “identifier” that we can no longer count on.

    I caught it by hovering over the sender’s name, and saw the address was not pertinent to the supposed company; so even though it wasn’t one of those long, obviously-fake addresses, I knew it was fake…might have been yahoo.com or something but still “phishy”. The first defense in my mind is don’t trust any email if you don’t recognize the sender’s name, but better yet, always hover your cursor over the name to see the entire sender address, since we all probably get important or valid emails with names we haven’t yet connected to.

  3. Thanks for your comments, Aaron. I hover over the sender’s name regularly to identify potential phishing emails, but this one actually came from the colleague’s actual email address, so I’m gathering that person was hacked. And a hover over the URL to the “RFP” actually showed as a document reference on spark.adobe.com (but the URL actually went to a different address when clicked which was deemed “deceptive” by McAfee). Both circumstances made the email more convincing as to its legitimacy.

Leave a Reply