The article ends with a discussion of how Kelser trains our clients to recognize phishing emails with phony links or attachments. The simulated phishing attacks we conduct for clients have been in the news before, but this time around, the focus was on the simulated phishing emails we send our own staff to keep our senses sharp.
We always say that clicking on a phishing email can happen to anyone, and Barry was brave enough to tell the Associated Press that one of Kelser’s simulated phishing attacks recently fooled him. The article doesn’t go into much detail, but what happened to Barry is an excellent example to keep in mind, so we thought we’d explore it a little deeper here on the blog.
It turns out Barry was a victim of timing. He was talking to Kelser’s VP of finance about payroll and was expecting an email from him about it shortly thereafter. When an email that appeared to be from the VP of finance with the subject line “payroll” arrived in his inbox moments after the conversation, he opened it and clicked the link without thinking about it. It opened a window telling him he’d fallen for a fake phishing attack.
“I didn’t do any sort of scrutiny of it,” he says. “I guess the moral of the story is coincidences can hurt you when it comes to phishing.”
This was, in fact, a total coincidence. Hackers often send emails that appear to come from executives or employees to glean financial information or passwords. Kelser’s cybersecurity team crafted such an email to Barry as part of our routine cybersecurity awareness exercises. It just happened to arrive at the right moment to catch him with his guard down.
Had the timing not been so perfect, Barry likely would have noticed a number of red flags in the email, such as an incorrect phone number. He likely would have hovered over the link before clicking on it, which would have shown him the destination URL was not what he would expect it to be.
It just goes to show, you always have to be on your toes! Knowing what to look for—and being diligent about it—is the best way to prevent cyber attacks.
Case in point, one of Kelser’s clients, Empire Industries, was also featured in an Associated Press article this spring. Kelser helped them recover from a ransomware attack and put new cybersecurity measures in place. They haven’t had any incidents since.
About Adam Stahl
Adam is a Biznologist who invites boundless creativity to achieve outcomes that inspire confidence.