Another funny phishing story

(Matt Parkes) #1

This story is so unbelievable I just had to share it with all of you.

So I received an email this afternoon from Payroll with a title of “Confirmation of bank account” which upon simply seeing the entry, my antennae were twitching. I selected the email cautiously and hovering over the links and looking at the footer and the contact details of the person sending the email it all checked out. Having read the body it didn’t really make much sense, grammar was a little off and the sentence did not seem to make much sense and then there was a docx attachment so 2 red flags - must be a phish or someone else in the company has maybe enlisted KnowBe4 without my knowledge to test whether as a security professional I follow the same rules as I expect others to follow - how cunning!!

So I rang the person in Payroll directly asking if they had sent the email and they said they had and seemed a little surprised that I thought it was not genuine. I pointed out the various elements which raised the red flags and without seeing the person’s face I imagined a blank stare on their face.

I think another round of training is called for :sob:


The security awareness struggle is real…you have my condolences.

(Bill Howells) #3

It’s never too fun to tell a co-worker their email doesn’t make sense and their grammar sucks…

(Matt Parkes) #4

My colleague did not appear to be insulted; they just did not get it and just put the poor grammar down to typing too quickly. The strange thing is they attached an HR form for me to confirm my bank details which is readily available via our intranet, they could have just referred me to this, they don’t even have to put a URL link to it in the email because this would have been just as suspicious until I had checked the URL anyway. I just can’t help but chuckle at the irony.

(Doris Farnham) #5

It must be the Accounting/Finance mind. 2 of the 3 employees here who opened and clicked on the Google Docs mess were in our Finance department - and this was done after we sent out 2 warnings to users. At least they stopped at the login. 8)

(Warren White M.S. Cybersecurity) #6

It almost gives fake phishing emails more validity because there are people who use poor grammar and put links/attachments into emails without a second thought. It can be assumed that people who create that kind of mistake would send out sensitive information in an email. You did very well following up with a suspicious email and “trying” to teach your coworker about the red flags you saw haha. I find that taking screenshots and highlighting/circling the errors in red tends to stick with people well. Good luck on your future endeavors and stay vigilant!