Don’t Get Hooked: How I Spotted a Phishing Scam

Since the start of the Covid-19 pandemic, cybercrime has increased by 600%. With that statistic in mind, my goal since I joined Ntirety has been to create awareness among clients of cyber threats such as ransomware and data loss. Although I am still new to the company, I never would have guessed I would be targeted in an email phishing scam attempt.

The Situation

I was checking my emails when I received an email that appeared to be from Emil Sayegh, CEO of Ntirety. He told me he needed me to “complete a task swiftly” and needed my cell phone number. The task was to go to the closest grocery store and buy gift cards for an upcoming presentation. Although I felt that this email was out of character, I was new to the firm and wanted to help a colleague, especially if it was the CEO. So, I drove to the grocery store and went inside to the card section. During this time, I was receiving multiple texts from “Emil” saying this matter is urgent and I should text back when I have purchased the cards.

I was looking for the card he asked me to find, three eBay gift cards with a “denomination of $200 each,” but I was still unsure about his request so I called my manager to confirm if I should buy these cards. I was told, “Don’t buy the cards. You’re being scammed.”

I was startled.

“Me? Someone is scamming me? I’ve only been with the company for three weeks; how could they get my email so quickly?”

The Reality

I didn’t believe it until I looked back at the initial email and saw this was not actually a company email address. I was indeed the target of a phishing attempt. I recently read an article about how scammers call people and pretend to be DEA agents, telling their victims that to avoid indictment, they have to turn over money. In 2020 alone, 19.7 billion dollars were lost to phone scams.

In my scammer’s email, I was told the matter was urgent and needed to be completed as soon as possible. Although I didn’t get an outright phone call, the scammer kept on texting me until they received a response, demanding to know if I bought the cards yet.

Luckily, I trusted my instincts, reached out to my team, and didn’t follow through with the scammer’s demands, but not everyone catches the clues before it’s too late.

The Result

Since I gave my phone number to the scammer, I knew the next course of action was to get a new number. I had many important accounts connected to that phone number and for peace of mind, I changed it. Our Director of Cybersecurity Operations, Christopher Houseknecht, recommends that if anyone responds to a scammer text message, especially if they provided information that the scammer was looking for, it’s best practice to switch phone numbers.

He also shared a few basic ways to avoid a phishing scam:

  • Slow down
  • Read the email without clicking on things
  • Do NOT click on random attachments
  • Check the “from” MAILTO email address

After beating my first phishing scam, our CEO commended my manager and me for raising the red flag when we both thought the activity was suspicious. Within my first month on the job, I learned through firsthand experience the importance of checking the MAILTO email address if I suspect any irregular activity, especially if it seems out of character coming from someone I know.
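
The MAILTO check described above can also be automated by a mail filter. The Python sketch below is an added example, not part of the original post or Ntirety's tooling: it flags a trusted display name that arrives from an outside address. The domains, the protected name and the sample messages are constructed assumptions, and the Reply-To comparison goes one step beyond the tip in the article.

```python
from email import message_from_string, policy

# Assumptions for illustration: replace with your own domains and names.
COMPANY_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"jordan example"}  # people likely to be impersonated

# Constructed sample messages (not taken from the incident described above).
SPOOFED = (
    'From: "Jordan Example" <jordan.example.ceo@example.net>\n'
    "Reply-To: jordan.example.ceo@example.org\n"
    "To: new.hire@example.com\n"
    "Subject: Complete a task swiftly\n\n"
    "I need your cell phone number.\n"
)
GENUINE = (
    'From: "Jordan Example" <jordan.example@example.com>\n'
    "To: new.hire@example.com\n"
    "Subject: Welcome aboard\n\n"
    "Glad to have you on the team.\n"
)

def first_address(msg, header):
    """Return the first parsed Address in a header, or None if absent."""
    addresses = getattr(msg[header], "addresses", ())
    return addresses[0] if addresses else None

def sender_findings(raw_message):
    """List the reasons the sender of raw_message deserves a second look."""
    # policy.default parses address headers into structured Address objects.
    msg = message_from_string(raw_message, policy=policy.default)
    sender = first_address(msg, "From")
    if sender is None or not sender.domain:
        return ["From header has no usable address"]
    findings = []
    domain = sender.domain.lower()
    name = " ".join(sender.display_name.lower().split())
    # A trusted name shown next to an address outside the company's domains.
    if name in PROTECTED_NAMES and domain not in COMPANY_DOMAINS:
        findings.append(f"'{sender.display_name}' sent from outside address {sender.addr_spec}")
    # Replies silently routed to a different domain than the visible sender.
    reply_to = first_address(msg, "Reply-To")
    if reply_to is not None and reply_to.domain.lower() != domain:
        findings.append(f"Reply-To {reply_to.addr_spec} differs from From domain {domain}")
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_findings(raw))
```

A check like this only covers display-name impersonation from an outside domain; a message sent from a compromised internal mailbox would pass it, which is why confirming an unusual request with a colleague still matters.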

Ntirety provides Security and Phishing Awareness Training that can help protect you, your coworkers, and employees from getting scammed. To get started with your own training, contact us at https://www.ntirety.com/get-started.