MotherG was recently the target of a phishing scam (yes, even IT managed service providers can be targeted). I’m thankful that, due to our diligent staff, we were the target and not the victim. If we hadn’t been so fortunate, I’d either be writing a different blog or updating my resume.
Admittedly, the manner in which the bait was presented was quite clever. I want to share our experience, discuss why we were the target - not the victim, and provide steps to take if you’re targeted by a phishing scam.
What is a phishing scam?
Before I tell you about MotherG’s own incident, let’s first talk about what a phishing scam is.
Techtarget defines PHISHING as “an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well-known and trustworthy Web sites."
How it happened...
It was a Tuesday, not unlike any other Tuesday. An email arrived in our accounts payable inbox, addressed to our director of operations. It was directed to the right person and it appeared to come from our CEO, asking for a bank transfer of funds. We are a smaller company and this type of request isn’t entirely unusual.
Let’s face it; we’re a busy company and sometimes small details go unnoticed at first. A quick reply was crafted and promptly sent to the corresponding address. Wire transfer details were included in the response with a large sum attached. RED FLAG.
When the recipient of this suspicious email took a stroll to our CEO’s office and commented on the previous email exchange, the answer was, “What email? I didn’t send any email.” HUGE RED FLAG. Hmmm. Someone was sending and replying. Time to take a look at that original email a bit closer.
Upon further investigation, a few inconsistencies began to emerge.
- The recipient's own name was slightly misspelled.
- The sender’s email address, while it made sense and looked like it was our CEO’s, wasn’t the actual address used by the CEO.
- The most subtle thing we noticed was that the email address’s domain, while similar, was slightly different! Our blog on what phishing looks like shows an example of this.
This attempt was cleverly orchestrated and designed for one single purpose: to coerce a pay-day quickly and quietly. Nice try, but not on our watch. Like I said, I was impressed. Some homework had been done and the target was precise. Just enough odd details to cause us to pause and take a closer look. VICTIM avoided.
We could have let it go and stopped there. But we didn’t… and neither should you.
If you find yourself in a similar situation, here’s what you should do (and what we did):
- Don't open any attachments
- Don't reply (in our example our employee made that mistake)
- Don't click on any links within the email
- Don't let the incident go unreported
- Do delete the offending email after reporting
How to report a phishing scam email
- Contact your IT department or IT managed service provider.
- Block the domain from accessing your network and block anyone on your network from accessing the domain.
- Block emails from coming into your system.
- Check to see which registrar the domain is registered with. This is called conducting a “whois” search.
- Note: in our case the domain had been registered that morning. Very fishy.
- The registrar is a domain authority responsible for domain registration. GoDaddy and Tucows would be examples.
- Your managed services provider should contact the registrar that the offending domain is registered with and notify them of the attempted phishing scam.
- File police reports within your local and state law enforcement agencies. We are in Itasca, Illinois and both city and state have cyber-crime divisions.
- Knowing how to find an email’s headers and how to forward one email as an attachment to another is essential for properly reporting your findings to local law enforcement.
- Headers are information embedded in every email that records specific details, such as where the message came from. This information is helpful to reporting agencies.
- File a report with the Federal Trade Commission:
- File a report with antiphishing.org, or email them at Reportphishing@antiphishing.org.
- Lastly, delete the phishing emails.
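The inconsistencies we spotted by hand (a lookalike sender domain, a misspelled recipient name, a domain registered that same morning) and the header information a report needs can all be pulled out of the raw message programmatically. The following script is an added example, not MotherG's own tooling: it parses a constructed sample message modelled on the incident above, flags the same warning signs, and collects the headers worth including in a report. The domains, names, addresses and the whois data are placeholders; a real check would query the registrar's whois service and use the public suffix list when comparing domains.

```python
"""Triage helper for a suspected CEO-fraud phishing email (added example)."""
import email
from email import policy
from email.utils import parseaddr, parsedate_to_datetime
from datetime import datetime, timedelta, timezone

# Constructed sample message modelled on the incident in the post; the names,
# addresses and domains are placeholders, not the real ones.
SAMPLE_EMAIL = b"""\
Return-Path: <bounce@mailer-203.example>
Received: from mail.motherq.example (unknown [203.0.113.10]) by mx.motherg.example with ESMTP; Tue, 12 Jan 2016 09:14:02 -0600
From: "Jane Doe" <ceo@motherq.example>
Reply-To: "Jane Doe" <ceo@motherq.example>
To: "Jon Smtih" <jon.smith@motherg.example>
Subject: Quick wire transfer needed today
Date: Tue, 12 Jan 2016 09:14:00 -0600
Message-ID: <20160112151400.1@motherq.example>

Jon, I need a wire sent this morning. Reply and I will send the details.
"""

LEGIT_DOMAIN = "motherg.example"          # the company's real domain (placeholder)
EXPECTED_RECIPIENT_NAME = "Jon Smith"     # how the recipient's name is really spelled

# Stand-in for a whois lookup: domain -> registration time (constructed data).
FAKE_WHOIS = {
    "motherg.example": datetime(2008, 3, 1, tzinfo=timezone.utc),
    "motherq.example": datetime(2016, 1, 12, 6, 2, tzinfo=timezone.utc),  # registered that morning
}


def edit_distance(a, b):
    """Levenshtein distance; a small distance between labels signals a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address):
    """Lower-cased domain part of an address string such as '"Name" <user@host>'."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def is_lookalike(domain, legit_domain):
    """True when domain is not the legitimate one but is built to resemble it.
    Compares the first label only, which is enough for the two-label placeholder
    domains here; real deployments should use the public suffix list."""
    if not domain or domain == legit_domain:
        return False
    suspect, legit = domain.split(".")[0], legit_domain.split(".")[0]
    return edit_distance(suspect, legit) <= 2 or legit in suspect


def domain_age(domain, at, whois=FAKE_WHOIS):
    """Age of the domain at time `at`, or None if the lookup has no record."""
    created = whois.get(domain)
    return None if created is None else at - created


def triage(raw, legit_domain=LEGIT_DOMAIN, expected_name=EXPECTED_RECIPIENT_NAME, whois=FAKE_WHOIS):
    """Return (findings, report_headers) for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_domain = domain_of(str(msg["From"]))
    if is_lookalike(from_domain, legit_domain):
        findings.append(f"sender domain {from_domain} is a lookalike of {legit_domain}")

    # Reply-To or Return-Path pointing somewhere other than the From domain means
    # replies or bounces go to an address the visible sender does not control.
    for hdr in ("Reply-To", "Return-Path"):
        if msg[hdr] and domain_of(str(msg[hdr])) != from_domain:
            findings.append(f"{hdr} domain {domain_of(str(msg[hdr]))} differs from From domain {from_domain}")

    to_name, _ = parseaddr(str(msg["To"]))
    if to_name and to_name != expected_name and edit_distance(to_name, expected_name) <= 2:
        findings.append(f"recipient name {to_name!r} is a near-miss for {expected_name!r}")

    sent_at = parsedate_to_datetime(str(msg["Date"]))
    age = domain_age(from_domain, sent_at, whois)
    if age is not None and age < timedelta(days=30):
        findings.append(f"sender domain {from_domain} was registered only {age} before the message was sent")

    # Headers a registrar or reporting agency will want to see, in original order.
    wanted = {"return-path", "received", "from", "reply-to", "to", "date", "message-id"}
    report_headers = [(name, str(value)) for name, value in msg.items() if name.lower() in wanted]
    return findings, report_headers


if __name__ == "__main__":
    flags, headers = triage(SAMPLE_EMAIL)
    for f in flags:
        print("FLAG:", f)
    print("\nHeaders for the report:")
    for name, value in headers:
        print(f"{name}: {value}")
```

Run against the sample, the script raises four flags (lookalike sender domain, Return-Path on a third domain, near-miss recipient name, and a domain registered hours before the message was sent) and leaves the matching Reply-To alone. Feed it a saved `.eml` file instead of the embedded sample and replace `FAKE_WHOIS` with a real registrar lookup to use it on an actual message.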
If you follow all of these steps and report this to the appropriate authorities, you’ll successfully avoid becoming the victim of a phishing scam. We'd love to hear your thoughts and comments below!