It (almost) happened to me!

How CybeReady’s training regimen saved me from falling prey to a malicious phishing attack

It was the beginning of just another workday – the sun was shining outside, and I was sitting at my desk, sipping my morning coffee and going through my inbox. I was expecting some emails from my CEO – the two of us correspond on a daily basis on ongoing business initiatives – when I noticed the following message:

From: CybeReady CEO <[email protected]>
Subject: TASK
Rogers,
Are you at your desk? send me your mobile # please, will appreciate if you can have a task handled swiftly.
Thank you

For a second it looked like a message that was indeed coming from CybeReady’s CEO.

But then I stared at the email again, now with more critical eyes. I noticed that the email address was wrong and something about the message itself didn’t make sense either – our CEO has my cell phone number – why would he request it over email?

So I did what I’ve been well-trained to do – reported this suspicious email as a potential phishing attack, and sure enough – our CISO was quick to reply that indeed, I was a target of a phishing attempt, and they even applauded me for doing the right thing.

Alarming Signs

What about this specific email made my “phishing antenna” rise, and what signals should you look for to quickly identify phishing emails? There are many different red flags; here are some of them:

  • The sender uses a familiar, “trusted” name in the display name, but the email address is totally different.
  • The message itself – the request in the email seems a little odd, atypical for the sender.
  • Context – you were not expecting such an email, request, or task from the sender.
  • Email format – in this case, I’d expect the email to have the CEO’s full signature, which is missing in the phishing email.
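
The first two red flags can also be checked mechanically, for example in a mail-filtering or triage script. The code below is an added example, not CybeReady's code: it compares the From display name against an assumed directory of executive addresses and looks for a phone-number request in the body. The directory, the addresses (reserved example domains) and the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed directory: executive display names -> addresses they really send from.
# All names and addresses here are constructed (example.com = the company domain).
VIP_DIRECTORY = {"cybeready ceo": {"ceo@example.com"}}

# The atypical request from the message above: asking for a phone number by email.
PHONE_REQUEST = re.compile(r"\b(mobile|cell)\s*(phone\s*)?(#|number|no\b)", re.I)


def red_flags(raw_message: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display_name, address = parseaddr(str(msg.get("From", "")))
    flags = []

    # Flag 1: trusted display name, but not an address that person uses.
    known = VIP_DIRECTORY.get(" ".join(display_name.lower().split()))
    if known is not None and address.lower() not in known:
        flags.append("display-name-mismatch")

    # Flag 2: unusual request in the plain-text body.
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    if PHONE_REQUEST.search(body):
        flags.append("asks-for-phone-number")
    return flags


# Constructed sample modelled on the message quoted above; the sender address is made up.
SAMPLE_PHISH = (
    "From: CybeReady CEO <ceo.office@example.net>\n"
    "To: rogers@example.com\n"
    "Subject: TASK\n"
    "\n"
    "Rogers,\n"
    "Are you at your desk? send me your mobile # please, will appreciate "
    "if you can have a task handled swiftly.\n"
    "Thank you\n"
)
# Constructed legitimate message from the address listed in the directory.
SAMPLE_LEGIT = (
    "From: CybeReady CEO <ceo@example.com>\n"
    "Subject: Q3 plan\n"
    "\n"
    "Rogers, notes from this morning are attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, red_flags(raw))
```

A display-name match alone produces false positives for executives who also write from personal addresses, so the directory should list every address each person legitimately uses.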

 

Business Email Compromise Attacks – What do hackers aim for?

Why would a hacker go to such lengths just to get his hands on my cell phone number?

Here’s what’s happening:

  • The sender asks for a mobile phone number because chances are that once you have communicated with a fraudster, the next communication will be easier (you’ve established trust), so it’s common to ask for a ‘sign of faith’ before asking for money.
  • Mobile phones are less monitored, so a text message asking for a wire transfer has a greater chance of going undetected.

Luckily, I’ve been working at CybeReady for a while and phishing attacks are top of mind for our team, as well as for all our customers.

I almost fell prey to a phishing attack. With thousands of phishing attacks making their way through employees’ inboxes every day – this can happen to any employee, in any organization, in any industry. In fact, according to a report by Positive Technology, 27% of employees fall prey to phishing attacks. Smart, continuous training is the only way to reduce that risk and build organizational resilience.

CybeReady offers the only autonomous cybersecurity training platform and utilizes data science-powered training – which guarantees a change in employee behavior towards phishing attacks. Our fully-managed solution trains the entire workforce every single month, so no employee is ever caught off-guard. We know how to do this right – get in touch with our team and we’ll show you how easy it is to get started with CybeReady, with zero IT effort on your end!

Based on very real (and recent) events, as experienced and described by Rogers Turner Jr, Customer Success Manager at CybeReady