We all hear about phishing emails. All the time. In fact, there is a never-ending dialogue about phishing emails in the news, the most recent one being the IRS emailing to say that you owe them money and they are going to arrest you if you don't pay immediately. As a side note, this is not true, so don't fall victim to the scam. Or the instance where one of my relatives clicked on a link that they shouldn't have and had their computer become infected with ransomware, demanding that they pay $500 through a gift card to get access to their computer back. And who can forget the Nigerian Prince who needs to send you money immediately due to their lottery winnings and, for some strange, unknown reason, has picked you to share it with! Well, I have some great news for you folks out there: even the people "in the business" get targeted too, and today that target was me!
I am going to give you some quick backstory so you can understand the context of this attempted phishing scheme. Here at Compass we use Google Apps for Work for our email. It's great, as you can use it on multiple devices and it has 2-factor authentication, which in my opinion is a must these days, and it is overall very user-friendly. We also get a pretty good amount of storage in our email, somewhere around 30GB, so you can save all those emails from 3 years ago that you probably should have deleted by now. In the 3 years I have been with Compass, I have managed to use a whopping 14% of my email storage, and I keep everything (I'm like an email hoarder!). So today, while working and navigating through my email, I got an email that had a catchy subject line that read "Mail delivery failed: returning message to sender". I send a lot of emails; however, not many get "returned", so I was intrigued and opened the email. That's when the fun began and I decided that this would make for a good blog post (hopefully). I took a screenshot of my Gmail inbox and have decided to include it in this blog post so I can walk you through what I deemed to be some red flags. So without further ado, let's tear this email apart and look at all the suspect stuff these clowns tried to pull off on me, the guy "in the business" (Warning, the picture is a bit small):
So what's my point in writing this long post making fun of someone who decided to send me a phishing email? Education. My point is to educate you on the various phishing examples that are out there so you can see what they look like and, when you really look closely, just how ridiculous they really are. The problem is that they are effective. Even with the bad math and the grammar errors, at a quick glance someone is going to fall for this and click on the link, and then the problems begin. Here is what you can do to keep your employees from falling victim to this type of scam, or at least make it less likely:
Train. Test. Repeat. Security is an ongoing process, not a single point-in-time event. Download our Phishing Statistics Infographic below, and share with us in the comments or on social media: what's the best phishing email you have received?