Unfortunately, as crazy as it sounds, there IS NO WAY to tell without any doubt when you are looking at an e-mail that it is from the person who appeared to send it. Spammers can use a wealth of techniques to spoof addresses to make it appear like an e-mail came from someone you know and it’s easier than you’d think! In order to make this point in the best way possible, we did a couple of very sneaky things:
Luckily, the page you logged into was just a little app built by us to give you this message and point out how simple it is to fall for such a scam when the message appears to be from someone you trust. We didn’t actually save your password obviously, but a real spammer would already have full access to your account using your password (). They would also have access to a lot of additional information, including that you are using v, on a device, from .
This exercise is not meant to humiliate, point fingers or name and shame. This is an exercise in corporate security to make sure everyone is on the lookout. Spammers can be incredibly devious, they have lots of ways of making login pages look even more convincing than we did. For example, If I was to tell you to always make sure that the URL in the browser was login.microsoftonline.com when you logged into Office365, a spammer might send you to login.rnicrosoftonline.com. That’s an ‘r’ and an ‘n’ in the domain name, in place of the ‘m’ in Microsoft. Would you have noticed?
That’s just one example, but spammers are constantly coming up with new techniques and tricks to catch us out so even if there was a “sure fire” way to check now, it may not be trustworthy in 6 months, or even next week! In order to keep our company safe therefore, please instead follow these best practice guidelines at all times.
We have already seen multiple examples of e-mails sent to people in this organisation purporting to be from Tony asking them to transfer money to pay a spoof invoice, open a fictitious attachment and log into a hacked website, no joke!
You might not think we are much of a target as a small company, but I guarantee you, we are! These threats are absolutely real and we need everybody to be on their guard. If someone were to get access to any of our internal services or anybody’s email account, then a great deal of damage could be done. Please do your bit to remain vigilant and keep us safe!
Happy Friday 😉
P.S. Don't tell anyone else you got tricked, we want to see who else falls for it!