Phishing Email with a Different Attack Footprint
Earlier today, Dani received an email with a From address of firstname.lastname@example.org. When she went to Reply, the Email addressed itself to email@example.com.
First and foremost, great catch, Dani! This, by far, is the worst type of phishing email to deal with. The Email appeared absolutely legitimate and contained information that should not have gone to a third party. If a reply had been sent, the hacker may have obtained the requested information and would have also verified that Dani indeed works for PSAB and would not have been able to identify the type of data Dani handles. That would result in even more targeted attempts to obtain information.
It is our opinion that this is the same group that targeted us last week and we may or may not get additional Emails throughout the weekend and into the start of next week. Although it is an extra step, please take the time to make sure that when you are replying to an Email, you confirm that the address that pops up is indeed the address you expected: the one in the From section of the original Email. Should you discover that it is not, please stop and forward the Email to IT. Then delete the Email from your system to avoid any potential issues. The Email itself is not malicious. This individual or group of individuals is attempting to obtain sufficient information to cause one of us (EVEN IT) to make a mistake. So, let's all be on our toes!
As always, if you have any questions, comments, or concerns or if you receive anything that looks suspicious, please alert IT immediately. We monitor PSAB tickets pretty much 24×7, so any time is fine.
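
The reply-address check described above can also be run over a saved message. The Python sketch below is an added example, not part of the original notice: it compares the Reply-To header with From using only the standard library. The sample messages are constructed from the two addresses quoted at the top; the function names and the recipient address are assumptions.

```python
from email import message_from_string, policy
from email.utils import getaddresses


def _addresses(msg, header):
    """Lower-cased addresses from every occurrence of one header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def reply_to_mismatch(raw_message):
    """Return details when a reply would go somewhere other than From, else None."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = _addresses(msg, "From")
    # Without a Reply-To header, mail clients reply to From: nothing to flag.
    diverted = sorted(_addresses(msg, "Reply-To") - sender)
    if not diverted:
        return None
    sender_domains = {a.rpartition("@")[2] for a in sender}
    return {
        "from": sorted(sender),
        "reply_to": diverted,
        # A different domain is a stronger signal than a different mailbox.
        "cross_domain": any(a.rpartition("@")[2] not in sender_domains for a in diverted),
    }


# Constructed sample messages (not real mail); recipient@example.net is a placeholder.
SUSPECT = (
    "From: firstname.lastname@example.org\n"
    "Reply-To: email@example.com\n"
    "To: recipient@example.net\n"
    "Subject: Quick request\n\n"
    "Please send the report.\n"
)
NORMAL = (
    "From: firstname.lastname@example.org\n"
    "To: recipient@example.net\n"
    "Subject: Quick request\n\n"
    "Please send the report.\n"
)

if __name__ == "__main__":
    for name, raw in (("SUSPECT", SUSPECT), ("NORMAL", NORMAL)):
        print(name, reply_to_mismatch(raw))
```

A non-empty result means a reply would leave for an address other than the visible sender, which is the condition to stop on and forward to IT.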