I have been conducting security awareness training and presentations for a long time. I really take security seriously – some might say it borders on paranoia. Just about the time I think I have seen it all, even more sophisticated phishing scams come to light. This one hit home, right in my own personal email inbox.
Before I tell you my story, first a bit about phishing scams in general. Phishing is defined as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
So, here is what happened to me recently. The short history: my SUV has Google Earth and some other features that require AT&T cellular services. About a month ago my phone app reminded me I had to renew the subscription, so I logged onto the portal, paid the fee and moved on.
The phish: about two weeks later I got the email shown below. In the bottom portion of the email, there was a button to click on for more information. Since I had just renewed, I was more skeptical, but I noticed ATT-MAIL.com in the email address. I checked the email settings and used Google to search the address.
What made this especially sophisticated was the fact that the criminal purchased multiple ads on Google to publish “this is safe” notifications and have those search results show at the top of the feed. I still wasn’t buying it though because of my many experiences and training on dealing with phishing schemes.
The average person, in a hurry and seeing that the email looks legitimate, could have very easily clicked on the link and unwittingly exposed important data to these cyber criminals.
So, what can a person do to stay safe?
Remain vigilant about giving out your personal information or your company’s information. At BerganKDV, we conduct monthly security awareness trainings as part of a multi-layered approach to managing cybersecurity risks.
If you find yourself in a situation, either at work or at home, where you think you may have accidentally fallen victim to a phishing scam, notify someone right away. At work, you should let your IT team know about the error so they can initiate the company’s incident response plan.
If you are in doubt about a personal product or service you use, as I was about this email I received regarding my subscription with AT&T, contact the sender/company outside of the email you received to verify that it was a legitimate request. If you find that you have been hacked, you can file an online report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.
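The check that caught this email, looking at the sender's domain rather than the display name, can be automated as a first triage step. The following is an added example written for this post, not code from BerganKDV or AT&T; the allowlist of brand domains is a constructed assumption, and the sample headers are modelled on the story, not copied from the real email.

```python
import re
from email.utils import parseaddr

# Constructed allowlist for this example (an assumption, not AT&T's actual sending domains):
# the registrable domains a brand is known to send from, keyed by the brand token to watch for.
BRAND_DOMAINS = {"att": {"att.com", "att.net"}}

def sender_domain(from_header: str) -> str:
    """Lowercased domain of the address in a From: header; '' if there is no address.
    parseaddr strips display names such as '"AT&T Billing" <x@att-mail.com>'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def registrable(domain: str) -> str:
    """Crude registrable-domain reduction: keep the last two labels (mail.att.com -> att.com).
    A production check would consult the public suffix list instead (co.uk and friends)."""
    labels = [lab for lab in domain.split(".") if lab]
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain

def classify_sender(from_header: str) -> str:
    """'trusted' if the registrable domain is on the brand allowlist, 'lookalike' if the
    brand name appears as a separate token anywhere left of the TLD (att-mail.com,
    att.com.evil-login.net), otherwise 'unrelated'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrelated"
    base = registrable(domain)
    for brand, allowed in BRAND_DOMAINS.items():
        if base in allowed:
            return "trusted"
        # Tokenise on anything that is not a letter so 'att-mail' yields ['att', 'mail'];
        # whole-token matching keeps a domain like attorney-services.com from being flagged.
        left_of_tld = domain.rsplit(".", 1)[0]
        tokens = [t for t in re.split(r"[^a-z]+", left_of_tld) if t]
        if brand in tokens:
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample headers modelled on the story above (not the real email).
    for hdr in ['"AT&T" <billing@att-mail.com>', '"AT&T" <noreply@mail.att.com>',
                'secure@att.com.evil-login.net', 'friend@example.org']:
        print(f"{hdr!r:45} -> {classify_sender(hdr)}")
```

A From: header is trivially forged, so a "trusted" result only says the domain is on the allowlist; mail gateways should pair this with SPF, DKIM and DMARC results before treating the sender as genuine.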