Phishing Emails - Steer Clear
Example: A BIT staffer recently received a friendly invitation from a third-party research company claiming to contact them on behalf of one of our software vendors. We have been doing business with the vendor in question for decades; for this example we will call them Business Automation for Information Technology, or BAIT (because in government we love acronyms). As vendors go, we would call BAIT an acceptable business partner, but not a great partner. As with most vendors, there are a few things about their business model that seem counter-productive or less than ideal for our needs, and we have always felt that our concerns about them were falling on deaf ears. Now it appears that BAIT has decided to hire a research group to find out what BIT thinks of them AND that they intend to use our feedback to improve their services. BAIT sends this notice to our staffer in an email.
In brief, here are the thoughts from the person who received the email:
- Well, it's about time they start to listen.
- It might be a good investment to spend a few minutes with them. But it’s odd that no one in BAIT told me they had hired this research firm. (Yellow flag goes up.)
- I'll have to assign someone to follow up with our official BAIT rep to make sure this is legit before I do anything. (Healthy caution sets in.)
- Oh, hey. Look at that. They are offering me a chance to win something cool just for responding. (Red flag goes up.)
- They provided a simple link I can click on. (Red flag starts waving.)
- They want an answer in a short time frame, creating pressure to ‘act now’. (Warning horns go off.)
Bottom line: Do not click on links in emails unless you asked the person to send you the link or have another reason to trust the source of the email.
Special thanks to Wayne for the article!