Friday, April 12, 2019

Caught Phishing Email

Earlier this year ITS caught an email, which attempted to steal someone's paycheck.


Tue, 19 Mar 2019 19:44:48 +0000
From: "Brennan O'Donnell," <ceosoffice@lycos.com>
To: ██████.█████████@manhattan.edu

Hi ██████ ,

Are you in the office?

I changed my bank and I'll like to change my paycheck dd details,
can the change be effective for the current pay date?.

Best Regards,
Brennan O'Donnell

Thankfully this was not delivered to anyone's inbox with the help of some tools Google offers.

But what if the email was delivered successfully? The phishers are hoping that no out of band communication will happen such as phoning the employee they are posing as. Also the phishers are hoping that manual and form-driven processes are bypassed to quickly get work done.

Do not be surprised if phishers start posing as family members asking for help. Phishers can surf the web and track your social media accounts to build a comprehensive graph of people you likely know. Talk to your loved ones about this type of scam. Be safe.