Funny Phishing Story: Your Online Order Receipt

(Stu Sjouwerman) #1

A customer sent us this:

Hi, I wanted to share with you a funny story…

My boss calls me into her office, very serious-like. She sits me down and asks, “Did you use the company credit card without authorization?” I am very confused; although I have access, I would not order anything without asking. I am the only IT person at our workplace, so given the item “ordered”, she came to me. So I said, “No… what is it that you have a receipt for?” … and she shows me this… I nearly busted out laughing, but thought better of it and explained that this was a phishing message designed to get you freaked out and click. Thankfully she came to me without clicking it, so the training is working, but gosh, some of these really come back to me haha!


Name withheld to protect the innocent

This is the KnowBe4 Template that was sent to the end-user, at the KnowBe4 Blog:

(Edwin Eekelaers) #2

Nice one… At least the company credit card wasn’t used in an adult shop :smirk:

(Will Jeansonne) #3

Phishing simulation is definitely a double-edged sword, but you have to do it!

(Edwin Eekelaers) #4

I know, but I’m still waiting on the CIO’s approval to have the simulation run.

(Joe) #5

Can even happen to you lol

(John) #6

One of our directors fell for the Amazon message about ordering the Snuggies and Bob Ross Painting DVD set. I asked them, did you order a Bob Ross Painting DVD set? Do you paint in your free time? They said no. So I then asked, why in the world would you click the link? They answered, to see if it was legitimate or if someone was using my credit card and ordering things. Hmmm…

That same message with the DLink router was sent to one. They asked me about it. Asked if I ordered it. I said, as the IT person, I would not order any technology and have the receipt sent to a non-IT staff. She then opened it and clicked the link, and after sent me a message that asked if it could be spam or a virus. I wanted to ask her, what did it say when you clicked the link? I had to refrain because it was our initial test and no one knew about it.

(kaysu A.) #7

lool good one

(Joe) #8

Ya, it was hard when we ran our first test. Surprised we had a lot of calls asking about the test and had to, well, “it’s spam, delete it, and thank you for calling.” Not wanting to make them aware of it and tipping off other users.

(Warren White M.S. Cybersecurity) #9

Can’t have a good phishing email without someone freaking out about the contents. Human emotions can usually be hacked easier than computers. It’s always a good idea to confirm strange details of an email with the actual person that the email is about. This doesn’t mean emailing a response to the original source though, as another phishing follow-up email will typically be sent back. Knowing proper security measures is a must in today’s technology.