At an external IT Support company, we very often receive forwarded suspicious emails from our clients (this is one reason to whitelist your clients, so their messages don’t get blocked by your spam filter).
However, even people with very good common sense can still fall prey.
In the following example, you can see that my client came very close to a security breach because she was not careful enough with clicking on a link.
From: censored client name here @ email
Sent: 04 June 2019 07:46
To: James Aykin <[email protected]>
Subject: FW: Client Name here
Hello,
Is the below email genuine?
CLIENT NAME
Company name here
Email: Client Email was herelol
From: mark <[email protected]@hotmail.com>
Sent: 03 June 2019 20:09
To: censored client name here @ email
Subject: Client Name here
… [Message clipped] View entire message
From: James Aykin <[email protected]>
Sent: 04 June 2019 08:14
To: censored client name here @ email
Subject: RE: Client Name here
Hi Client,
No.
I can tell through several reasons, firstly the title – why would any legitimate email title be simply your name with no indication of the content;
Secondly is that a blank email wouldn’t be clipped, if it was even possible to be clipped by some incredibly outdated email client;
Thirdly is that the link goes to scam website goes here which I can’t exactly say is some reputable site;
Finally is that his name is just “mark” which seems really suspicious to me, as well as being some Hotmail account.
Seems to me like something the spam filtering should’ve picked up!
Hope this helps
Best regards
James
From: censored client name here @ email
Sent: 04 June 2019 08:17
To: James Aykin <[email protected]>
Subject: RE: Client Name here
I have emailed that email address before. I did click on the link but closed it when it asked me to sign in. Is that a problem?
From: James Aykin <[email protected]>
Sent: 04 June 2019 08:21
To: censored client name here @ email
Subject: RE: Client Name here
Okay, that changes things.
Have you ever had to create an account on this site?
Please don’t click on it yet, let me do some more investigation first.
Best regards
James
From: censored client name here @ email
Sent: 04 June 2019 08:23
To: James Aykin <[email protected]>
Subject: RE: Client Name here
No, I don’t think so. It came up with my email address but I didn’t do any more.
From: James Aykin <[email protected]>
Sent: 04 June 2019 08:26
To: censored client name here @ email
Subject: RE: Client Name here
Ok, I understand. If you had put your email password in there I think that would’ve been a security breach, so I’m glad you clicked off it when it asked you to sign in. It’s a very common hacking technique to try and get someone to log in with legitimate credentials onto a fake site.
What have you emailed this person about before? It all seems extremely suspicious to me.
Best regards
James
From: James Aykin <[email protected]>
Sent: 04 June 2019 08:37
To: censored client name here @ email
Subject: RE: Client Name here
Hi Client
Just confirmed it was a scam.
I went to the link on a virtual machine with a default Windows installation so there was no risk, and I saw the login screen. Tried with no password and it let me in – very clear indicator that it was just phishing for your email password.
It immediately took me to some extremely suspicious cloned BBC news site riddled with ads and junkware and automatic installs. It’s 100% a scam.
I’ve blacklisted this sender and trained the spam filter to try and pick up on these emails in the future.
Thanks for letting me know.
Best regards
James
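The four indicators listed in the first reply above (a subject that is only the recipient's name, a "clipped" notice on an otherwise empty body, an unfamiliar link host, a bare name on a Hotmail account), written as a triage check. This is an added example, not part of the original thread; the sample messages, the webmail list and the trusted-host allowlist are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed local policy lists, not taken from the original post.
FREE_WEBMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}
TRUSTED_LINK_HOSTS = {"example-client.test"}
CLIP_MARKER = "[message clipped] view entire message"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def triage(raw):
    """Return the indicators from the reply that this message trips."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    to_name, to_addr = parseaddr(msg.get("To", ""))
    subject = (msg.get("Subject") or "").strip().lower()
    body = "".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain"
    ).lower()
    findings = []
    # 1. Subject is nothing but the recipient's own name.
    names = {to_name.lower(), to_addr.split("@")[0].replace(".", " ").lower()}
    if subject and subject in names:
        findings.append("subject_is_only_recipient_name")
    # 2. "Clipped" notice on a body with almost no other visible text.
    visible = URL_RE.sub("", body).replace(CLIP_MARKER, "").strip()
    if CLIP_MARKER in body and len(visible) < 20:
        findings.append("clipped_but_nearly_empty")
    # 3. Bare lowercase display name sent from a free webmail domain.
    domain = from_addr.rsplit("@", 1)[-1].lower()
    if from_name.islower() and " " not in from_name and domain in FREE_WEBMAIL:
        findings.append("bare_name_on_free_webmail")
    # 4. Link host is not one the organisation expects to see.
    for host in sorted({urlparse(u).hostname or "" for u in URL_RE.findall(body)}):
        if host not in TRUSTED_LINK_HOSTS:
            findings.append("untrusted_link_host:" + host)
    return findings

# Constructed samples (placeholder addresses and hosts).
SUSPECT = ("From: mark <sender-placeholder@hotmail.com>\n"
           "To: Jane Doe <jane.doe@example-client.test>\nSubject: Jane Doe\n\n"
           "[Message clipped] View entire message\nhttp://login.example.invalid/view?id=1\n")
ROUTINE = ("From: Accounts Team <accounts@example-client.test>\n"
           "To: Jane Doe <jane.doe@example-client.test>\nSubject: Invoice 1042 for May\n\n"
           "Hi Jane, the May invoice is on the portal:\nhttps://example-client.test/invoices\n")

print(triage(SUSPECT), triage(ROUTINE))
```

A hit is a reason to escalate, not a verdict. As the thread shows, the client had emailed this sender before, so a familiar address does not clear a message.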
Overall, the most important thing in resolving these sorts of cases is keeping the client relatively calm while also making it clear that there was an inherent security risk at play.
Put yourself in the client’s shoes just for a second here – someone they spoke to before had sent them an email that they had no reason to suspect and clicked on a link. Then after considering putting in their details, they decided it wasn’t worth it and asked their IT Support for assistance.
Wouldn’t you be a little scared? Clicking on a link can be dangerous, and then your IT Support tells you that it’s a scam website. What’s the first thing you think? Infected computer.
Using technical terms with a client that won’t understand them is often fine, as it reassures them that you know what you’re doing, and explaining every step along the way allows them to make better judgements in the future about which links to click and which not to click.
Fortunately, the scam website was mostly harmless, filled with cryptocurrency mining scripts and password phishing attempts. But it was a close call, as a link can just as easily point to a direct download.
Dealing with panicking clients is a difficult balancing act because you need to prevent them from freaking out but allow them to understand that they made a mistake and should try avoiding a situation like this in the future.
Nowadays people need to be aware to NEVER click on a link unless they’re 100% certain it’s safe.