Phishing all day long

April 21, 2021 - 3 minutes read

Have you ever wanted to go phishing all day long? Most of us will never do this kind of phishing, but chances are some of us have gone fishing all day before. For some people though, phishing all day is what they do. Cyber criminals will send phishing emails to a small business, organization, etc. and hope that someone replies to it and then does what is requested of them.

These phishing emails a lot of times come from someone proclaiming to be your boss and they ask you to buy gift cards or to send them important files that have sensitive information in them.

A phishing all day example

 

From: “Your boss”

Sent: Thursday, April 1, 2021 12:32 PM

To: “You, good employee”

Subject: Re: Request

Do you have some time to run a quick errand?

Thanks,

“Your boss”

 

From: “You, good employee”

Sent:Thursday, April 1, 2021 12:35 PM

To: “Your boss”

Subject: Re: Request

Did you intend for this to go to someone else? If it is meant for me, sorry, not a good time.  Scrambling to finish the TPS reports.

Regards,

“You, good employee”

 

From: “Your boss”

Sent: Thursday, April 1, 2021 12:40 PM

To: “You, good employee”

Subject: Re: Request

Yes I intend this for you, I just need you to run an errand at any store around, I need some eBay gift cards to send out to a client today, how soon can you get them so I can advise the quantity and denominations, I’ll reimburse you later today.

Thanks,

“Your boss”

 

From: “You, good employee”

Sent:Thursday, April 1, 2021 12:45 PM

To: “Your boss”

Subject: Re: Request

“Your boss”,

I am not able to do this today.  I have to get the TPS reports done.

Sorry,

“You, good employee”

 

From: “Your boss”

Sent: Thursday, April 1, 2021 12:50 PM

To: “You, good employee”

Subject: Re: Request

When can you do it?

Thanks,

“Your boss”

What you can do

Phishing is sometimes pretty obvious and other times can be pretty hard to identify. It takes consistent practice to identify phishing attempts. Check out one of our previous Security Bytes posts on phishing to better prepare yourself for these types of cyber attacks. In the post we make this suggestion to ask yourself when receiving an email:

“Here are a few important questions you can ask yourself if you suspect someone is phishing, vishing, or smsishing your small business:

  • Do you know the sender, caller, or texter?
  • Are they urging you to open an attachment, to click a link, or to give them personal or business information?
  • Did the email, call, or text come outside of expected business hours?

If you answer yes to any of these, try and verify the sender, caller, or texter is legitimate.”

For more information on cybersecurity check out Small Business, Big Threat!