This is another example of one of the contest entries that I wanted to share for educational purposes. You can learn more about the phishing contest here: http://www.w6fdo.com/2018/01/our-2017-phishing-contest.html
This one was brilliant and really startled me at first. It appears to be from my boss, asking me to help one of the County Supervisors with a personal inquiry (I’ve blanked out the Supervisor’s name that was used). When I first saw it, I thought “Wow, I had better respond quickly!” Then I thought, “wait a minute…” Even though this appears to be from my boss, it is highly unusual. That’s the trigger that should always cause us to stop and verify.
I hovered my mouse over the link and saw right away that it went to a different location:
hxxps://lmgtfy.com/?q=You+are+hacked+courtesy+of+2017+Monterey+County+Phishing+contest
Hahaha.
Then I looked and saw that my boss’ email address was slightly different than his real one (not shown here), so his email had also been spoofed.
Finally, I scrolled down and saw “2017 Phishing Contest” at the bottom of the email. =)
Phil Hopfner of the Information Technology department did a great job going the extra mile and creating this spoofed email that provoked both urgency and priority. Very nice job Phil!!
Remember to always be suspicious about something you receive that you don’t expect or seems unusual. If you aren’t sure, always contact the sender using a different means.
No comments:
Post a Comment