24 Feb my phishing experience yesterday
Hello all I hope you are all doing well, at least better than myself. If you want to cause yourself a lot of stress, being vulnerable, and quite frankly scared, then open emails recklessly and I promise when you get attacked you will be very cognizant of who is emailing you. Do not be the Phish, like I was!
If you do not know what phishing is, please read our blogs or watch our new Youtube channel. We have a blog on our website with lots of useful information about what we do, how we help customers, informative information about current IT events, or best practices. Our Youtube channel will have videos about what we do, best practices, and good information about IT in general.
So, in my 8 years at NPI, I have opened two emails that I should not have. The first was a few years ago, I was waiting for an invoice from a carrier. Well, I got an email from the person I was expecting the invoice from, so I opened it. Come to find out, it looked like a PDF/invoice and, it was a link that was made to look like a pdf. I opened it and I think I tried it twice, but it would take me to a blank page, so I went and got one of the engineers to look it over and it was in fact a phishing email. A few minutes after I opened it, I got an email from the real person saying she had been hacked. After investigation by our engineer, we found that our firewall and malware prevented me from going to the site. So, our tools protected me from myself.
Flash forward to Monday, February 22nd I am working at my desk and I see I had a voicemail from earlier in the morning, so I opened to listen to it. I am usually very conscientious about looking and deleting emails that look suspicious. This time I did not, and I opened the file and like my experience a few years ago, it took me to a blank webpage, it was an http link disguised as a wave file from the Cloud PBX saying it was an unheard voicemail. This time I figured out what I had done, so I got my lead engineer and he and our cyber security specialist were able to look at the code. The code was made to send the sender my passwords for all the things I use, personally and professionally. I will tell you this was terrifying!
What did we do? Well, my engineers looked at the code with their tools they have and determined what the threat was. The first thing we did was take my computer offline while they were looking at the code. Then, they flattened my computer (erasing all the data and applications), then restored from a safe back up and I was back up and running. The pain was going and changing all my passwords while still frightened from what I do not know.
I am very fortunate to work for NPI and have the resources that we have for an event like this. If I did not have these guys (engineers) I would be a mess. They gave me confidence that the threat was resolved, but to make sure I do a better job of identifying malicious emails. I am going to make sure to look at the sender of emails closely, even more so now than I used to. You do not want to be in this position because the business was at risk, as well as my personal information.
If you are worried about your security posture at work or want your people to get training to identify bad actors, we can do that training. We have programs that teach your folks what to look for and then we do phishing campaigns to see who is still opening bad emails. We then come back with a report to show you who is still opening and who is not. Hopefully, we come back with a clean report, but we seldom do.
If you want to read more on Phishing or want to watch a video with Curtis Cunningham talk about spear phishing, please click one of the links below. These will not take you to an unsavory site and get your information stolen!
Here are the links to the Spearphishing story and video.
https://www.npinfo.com/archives/1434 Spearphishing story
https://www.npinfo.com/archives/1711 Spearphishing video