Hello! I am Evan, a marketing specialist 3 weeks into my new position with Finchloom, getting used to my day-to-day tasks and feeling a little more comfortable managing on my own! If you have not already, read my blog “How to Decrease Setup time for New Hires with AutoPilot” for a little background on me and my start with Finchloom. Recently, PhishPrevent saved me from sending some information to a random person, and in this blog I hope to shed some light on my experience.
Shortly after starting with any company, many people like to connect with their co-workers and companies on social media accounts like LinkedIn or Facebook. A common practice today, but something that is often overlooked is just who you are giving that information to. Before social media, if I were to try and figure out where someone I knew worked, it would be almost impossible short of asking the individual. This is no longer the case.
The moment someone adds their position as an employee of any company, it instantly becomes public data that can be seen by anyone on the platform who knows about the individual or the company itself. This poses a problem that I have recently faced: easy phishing of unsuspecting new employees.
My manager had taken some time off at the end of last week and had given me some tasks to complete while he was away. I had figured that I would be on my own to complete projects over the next few days so that he could enjoy his vacation time. To my surprise, I received an email outside of my traditional hours from an email account under his name, but from an unrecognized email address (spoiler). It is also worth noting that this email was sent the day he was supposed to leave, and he had asked me for my phone number as he had an urgent request with the subject line of “Quick Response”.
There are a few parts of this story that did not make any sense:
- We have talked on the phone multiple times
- He has my phone number and the ability to call me via Microsoft Teams if the situation was urgent
- Finchloom is a Microsoft Gold Partner
- We have access to all the Microsoft Products we sell, and I assumed that with 90% certainty, he has his work email and Microsoft Teams on his mobile device
- He was looking for a quick response at a time when I was not working
- He has explicitly told me to ‘not work when I am not on the clock’ so to speak
I understand that there are many scenarios where, individually, all these aspects would make sense. Maybe he got a new phone, maybe he needed a flyer completed immediately, maybe he forgot his passwords, etc. Most people would not think twice about an urgent message from their boss, but when I opened the email the next day, Outlook prompted me with a PhishPrevent warning, the first red flag.
Knowing that the odds of my manager contacting me from an alternate email address, in my off hours, with an ‘urgent’ request were slim, I reported the email using the ‘report phishing’ tool that is provided by PhishPrevent. The reason I was reporting the email was potential impersonation, so I selected that option from the dropdown menu and hit send.
The message was removed from my mailbox and I sent a Teams chat to my boss to make sure that he did not have an urgent message for me. Within 10 minutes, I received an email from PhishPrevent saying that I was correct, this was an impersonation attempt, and I should disregard the email.
In the beginning of this post, I referenced how easily anyone can see where others work utilizing social media. The irony of all of this is that I was able to reach out to Finchloom in search of my current position in the exact same way. I cannot yet say for certain that this is how my email (and manager’s name) was found, but it makes sense. I updated my current position on LinkedIn about a week ago, and anyone who has an account can see that I have recently started with Finchloom. It seems that an individual was hoping to prey on my ‘novice status’ using the fact I started here recently. They were also able to figure out who I reported to, likely by looking at job postings, though they might have inferred this another way.
The next question I had was how they figured out my email. This is probably easier than most would expect. 90% of companies use the same syntax for employees’ emails:
Once the phisher had figured out which email was deliverable, they knew my email address. The next logical step they would take is to make a new email account with the name of my manager as the account holder name, so that when I receive the email, I see my manager’s name and not some random email address. All in all, this process is way too simple. Employees who are unaware of these potential threats can be exploited by phishers to leak sensitive information, send payments, or worse. How can you prevent phishing?
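The display-name trick described above can be caught mechanically before a user ever has to judge it. The following Python is an added example (not part of this post and not how PhishPrevent works internally): it flags a message whose From display name matches a known employee while the address sits outside the company domain, and also notes the urgency cue and request for personal contact details seen in this story. The company domain, the employee directory, and both sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List

# Constructed for this example: the organization's mail domain and a small
# directory of internal users keyed by lower-cased display name.
ORG_DOMAIN = "example.com"
DIRECTORY = {"pat manager": "pat.manager@example.com"}
URGENCY = re.compile(r"\b(urgent|quick response|asap|immediately)\b", re.I)
CONTACT_REQUEST = re.compile(r"\b(phone number|cell number|mobile number)\b", re.I)


def check_message(raw: str) -> List[str]:
    """Return the red flags found in one raw RFC 822 message (empty if clean)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    flags = []
    # Display name of an internal user, but the real sender is external.
    if name.strip().lower() in DIRECTORY and domain != ORG_DOMAIN:
        flags.append(f"display name '{name}' matches an internal user but sender is external ({addr})")
    if URGENCY.search(msg.get("Subject", "")):
        flags.append("urgency cue in subject")
    body = msg.get_payload() if not msg.is_multipart() else ""
    if CONTACT_REQUEST.search(body):
        flags.append("request for personal contact details")
    return flags


# Constructed sample: a free-mail account carrying the manager's display name.
SUSPICIOUS = """From: Pat Manager <pat.manager.42@freemail.example>
To: evan@example.com
Subject: Quick Response

Evan, I need your phone number for an urgent request.
"""

# Constructed sample: the same display name from the real internal address.
LEGIT = """From: Pat Manager <pat.manager@example.com>
To: evan@example.com
Subject: Flyer draft

Here is the flyer we discussed.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(label, check_message(raw))
```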
Fish Prevent? PhishPrevent.
PhishPrevent is a managed security service that offers email and identity protection for Microsoft Office 365. With PhishPrevent, you can report any email you are suspicious of through Outlook using the built-in tool. The reporting categories are as follows:
- You don’t know the sender
- A PhishPrevent warning popped up
- You believe that the email could be an impersonation attempt
- Odd/weird content
- Someone is requesting personal information
- COVID 19 attack
- And ‘other’
The reporting tool allows users to provide a reason that they believe the email could be unsafe, fraudulent, or otherwise, and send it off for analysis. Once the email has been reported, a team of security experts reviews the email, its sender, and metadata, which allows them to determine if the email is authentic. If the email is malicious, it is kept out of your inbox and removed from all other employees’ mailboxes within your company. If the email is deemed safe, it is returned to your inbox and you can go about your day.
PhishPrevent is an extremely useful tool for companies of any size, and has the potential to save users’ data, time, and money. For more information on PhishPrevent, contact Finchloom for a Free Breach Assessment and learn how PhishPrevent can become a vital asset in your company, regardless of size.