A Clever Phishing Attack Averted on Canada Day!

Members on my team received this email message from ‘’me’’, on Canada Day, out of all days…

Phishing email

This was a phishing attempt.

Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

That email was sent from an impersonator, their email being i@verrizone.com whereas my email is jayson.peltzer@u7solutions.com.

Gmail actually recognized the attack for most of my other team members and flagged the email with this big yellow warning sign:

Phishing email 2

In this case, the email was sent from “u7solutions@workmail.com” which as well is NOT my email address, but much more misleading and tricky since it has our business name in it.

Most people on my team who received this did NOT reply, largely thanks to this warning sign, and to their technology background.

But ONE person did.

Sadly, she received the email without the yellow warning sign. She is also an administrative assistant, therefore the request was more fitting for her role with our company.

The conversation went like this:

Employee: Hi Jayson, you can text me at *number*

Phisher: Hi, I'm in a meeting, but I need you to do me a favor and pick up some gifts cards for me to give to clients.

Employee: OK, I'm at the airport, but I can see if they have any here and mail them if you tell me who I should send them to. Or, I could order them on Amazon and have them sent directly to your place...

Phisher: I was thinking you could get them at a physical store, I don't mind if you complete this after your flight. What I need is a Google Play Card of $500 face value. I need 2pcs of the card. That's $500 X 2, $1000 in total. The budget is $1000, Just in case you can’t find them in 500’s face value, you can also get them in 100’s (10pcs). Kindly purchase the physical cards at the store, scratch the back out and text me pictures of the codes. Thank you.

After receiving this message she knew something was up and messaged me on Google Chat, where most of our team members communicate.

Luckily, she did not go through with any requests and blocked them after confirming with me that it was indeed a phishing attack.

ChatsConvo

She told me later, “If the Phisher hadn't been greedy, and if he/she hadn't asked me to just text the codes I might have fallen for it.”

I quickly made use of our “team” email list to send a warning to NOT to respond to the attack.

Had it not been for Gmail’s yellow flagging, it’s very possible that more team members would’ve missed the dodgy sender’s email address.

Scott Wright, a friend of mine who owns a cyber security company called Click Armor, says it is similar to the kind of attack suffered by the City of Ottawa’s Treasurer, when $100,000 was sent to an account, based on the impersonation of her boss, the City Manager.

He adds, ‘’They will be successful with many of these attacks, especially with organizations that don’t have sophisticated gateway filters such as the one in Gmail. So, despite being able to avoid the threat this time, you do need to keep your team sharp, and on the lookout for suspicious inquiries. There will always be more coming.’’

We take security on the web really seriously, which is why we want to share this personal story to grow awareness.

At U7 Solutions, we work hard to prevent that our client websites from being hacked. Security is always a top concern of ours. In fact, we have a whole series of security items we apply to each website so that we can be as proactive as possible.

But, sometimes security breaches go beyond technology and are at the human level. This experience was just that, it was a corporate hack. Given that most members on my team are web developers and very tech savvy, we weren’t the easiest target to trick.

However, if you believe that your business would benefit from training or a workshop on cyber security, I strongly recommend contacting Scott from Click Armour. His company is designed to address this ongoing reality of constantly evolving threats to businesses, which target employees. He is making it more fun to do that, and more effective for managers to monitor their proficiency through various programs and workshops.

Read more here: https://www.clickarmor.ca/ and stay vigilant!

If you’re interested in moving your business email system over to Google Suite, then contact me directly at jayson.peltzer@u7solutions.com

Members on my team received this email message from ‘’me’’, on Canada Day, out of all days…


Enjoy this article? Don't forget to share.

Jayson Peltzer
Jayson Peltzer
Jayson’s passion for web technology began in 1998 as a web developer. Logging over 30,000 hours of experience creating websites, he has gained significant industry expertise derived from 20 years of solving information management and web technology problems. Jayson's primary aim is to help people and businesses keep up with and master the fast-pace ever-changing technical world we live in. He believes that in IT, we should never take the human element out of the equation.
Get a QuoteClient Area

Contact Us