Got spammed again. No wait, phished. Not content with pretending to be PayPal or Amazon, the Phisher Folk adopted a much cleverer new strategy today, by scanning LinkedIn, using some sort of algorithm to work out who my boss is, and then spoofing a quite believable email to me, early in the morning.
I was blurry-eyed. My phone flashed up the email - a familiar name, asking me for an urgent request. No link, nothing about posting gift vouchers or depositing money in a Nigerian bank - just “Could you run an errand?”
I wasn’t thinking. At least, I wasn’t thinking about the weirdness of that request so early; I was thinking about passing my probation (which is far from guaranteed) so I quickly replied:
“Sure, what do you need?”
… and sent it.
Silly. I usually always check the email address and the domain name after the @. I know the drill. But I let my need for approval get in the way, and innocently jumped to it like a Private, keen to prove myself to my Sergeant Major.
Well. I quickly changed my password. I figured that’s always a good thing to do. I guessed that the only thing the Phishers were likely to have picked up was a link between me and the real person - that’s not too bad, I mean it’s a logical inference. I didn’t open a ransomware link or anything. I was just embarrassed.
What was even more embarrassing I suppose, was the thought that this might just have been a test. My work email address occasionally gets pinged by a spoof of the big boss, the CEO. It’s usually that he ‘needs a favour for a client’ and could I contact him on this mobile number, etc… I’ve not once fallen for those, so I’m a little embarrassed that I let my sleepy head reply on my personal address this morning. Also, I’m very much hoping that my name isn’t then generated by some sort of report-of-the-gullibles that flashes up in neon, on my manager’s desk.
If it does, I hope it just shows kindness instead of early-morning stupidity. I’d take that, even if I am a bit gullible.
No comments:
Post a Comment