Gone Phishing: What I Learned from an Attempted Hack on My Account
Lesson one: Trust your gut.
![gettyimages-488437074 gettyimages-488437074](/sites/default/files/styles/landscape_750_463/public/import/IMG/753/360753/gettyimages-488437074.jpeg.webp?h=7f946665&itok=pWIvhuqx)
I'm going to be honest with you. I've always taken for granted the warnings laid out by cybersecurity experts when it comes to phishing attacks. In the past, I've never had trouble distinguishing a real email from one that I believed to be from someone trying to steal my identity.
Just like everyone else, I've gotten my fair share of notes from Nigerian princes looking to share their wealth, or friends stranded in remote locations with no money in need of my assistance. Naturally, I delete these feeble attempts without pause. In fact, most of the time, they don't even make it through the various filters that have been set up to protect me by my email providers.
And while I understood hackers don't worry about personalizing these attacks because they are just trying to cast a wide net, I still was always amazed when I'd hear about people getting hacked this way. Who could be so stupid to fall for these poorly-constructed scams?
Well, apparently me.
Near Miss
Maybe it was the jet lag from flying back from Chicago earlier in the day (Can you get jet lag from only losing one hour?), or maybe—more likely—it was the hangover I was still nursing from the Super Bowl, but an email that landed in my work inbox Monday afternoon caught my attention. It read as follows:
SUBJECT: New sign-in from Chrome on Mac
Several attempts to login to your account ID (dan.defrancesco@incisivemedia.com)
with incorrect login details was blocked.
You are receiving this email as you are subscribed
to office 365.
To keep your account secured, it is important you
Validate your ID.
We may temporarily limit your account if you fail
to act.
Outlook Team
Office 365
I don't know what it was about note that gave me pause, but I seriously considered hitting the hyperlink ("Validate your ID"). Granted, it only took about two minutes to recognize the formatting was all wrong and the email came from an account that wasn't linked to Outlook or my internal technology team, but there was a moment of hesitation.
Now, before all the chief information security officers (CISOs) I've dealt with over the years start crafting emails to me about how I should have been paying better attention to them during our talks, let me add that the wisdom they imparted to me actually stuck. At the end of the day, it was the golden rule of phishing that had been drilled into my head over the years that saved me: Never give out your personal information if you are at all suspicious of the email.
Changing My Tune
And although I didn't fall victim to this particular attack, it did make me recognize my own mortality when it comes to phishing attacks. For a long time, I never understood how people at financial firms who are far smarter than me could fall for stuff like this.
But then I put myself in their shoes. While I'm simply a lowly journalist, these are high-ranking executives at some of the most powerful firms in the world. They are extremely busy around the clock. I could easily see how an email—albeit crafted slightly better than the one sent to me—could lead an executive in a rush to send along the necessary information without a second thought.
I know sending out fake phishing emails is common practice among financial firms' cybersecurity teams, and now I can see why it's such a good practice. With so many email scams getting caught in my junk folder, it was nice that one got through to test out all those cybersecurity protocols that I've learned over the years.
That is, of course, assuming this was actually a phishing scam. Hopefully my email hasn't actually been comprised. If so, I swear I'm not actually in Vietnam in need of money.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Emerging Technologies
Reading the bones: Citi, BNY, Morgan Stanley invest in AI, alt data, & private markets
Investment arms at large US banks are taken with emerging technologies such as generative AI, alternative and unstructured data, and private markets as they look to partner with, acquire, and invest in leading startups.
Startup helps buy-side firms retain ‘control’ over analytics
ExeQution Analytics provides a structured and flexible analytics framework based on the q programming language that can be integrated with kdb+ platforms.
The IMD Wrap: With Bloomberg’s headset app, you’ll never look at data the same way again
Max recently wrote about new developments being added to Bloomberg Pro for Vision. Today he gives a more personal perspective on the new technology.
LSEG unveils Workspace Teams, other products of Microsoft deal
The exchange revealed new developments in the ongoing Workspace/Teams collaboration as it works with Big Tech to improve trader workflows.
IBM report finds ‘shadow’ data significant contributor to data breaches
As AI and cloud take on greater importance in the capital markets, firms need to consider their threat impact zones.
Bloomberg adds AI earnings summaries to Apple Vision Pro app
The vendor continues to add content and functionality to its Bloomberg Pro for Vision app, which sits at the convergence of spatial and mobile computing.
SS&C continues Blue Prism rollout, eyes other acquisition targets
The company is focusing on organic growth while keeping its eye on potential acquisitions.
CME: CFTC OKs clearing move to Google Cloud
The CFTC has given the Chicago-based exchange approval to run its clearing and settlement infrastructure on the Google Cloud Platform, while the exchange and vendor have extended their partnership to last until at least 2037.