As a security guy with well over a decade in the business, you’d think my phishing filter would be very high. For the most part, you’d be right. I see thousands of phishing attacks a year and we create dozens each year to test our customers as part of our training service.
However, this morning, I got phished and fell for it.
The worst part? It was a classic invoice phish that was totally beneath me. So, why on Earth did I fall for it?
The timing of the pretext was simply flawless.
This very morning, we had a call with one of our partners (who shall remain anonymous) regarding one of the many events we are doing in the near future. On the heels of this call, I received an invoice from the CFO of that partner regarding an outstanding balance. Without even thinking, I assumed it was regarding the event and clicked through like so many of my phishing victims… (er…) “trainees” before… suddenly, I’m walking in the sewer without a decent pair of boots!
The minute I realized the error, I forwarded the payload and IOCs off to our SOC and IR team, confirmed that nothing executed, blocked everything, and reset my iPhone just to be safe. No damage was done.
(Side note: O365 DID NOT flag it as malicious on the way in, but DID when I tried to pass it along to the SOC. Classic!)
A quick phone call to the partner confirmed my suspicion: It turns out that the CFO for that company had their account compromised last night and the “invoices” went out to everyone this morning.
I have several points to take away from this experience:
It can happen to anyone. Just because you are “smart” and have “security” in your title does not make you automatically immune. If a phish comes at the perfect time where trust is assumed…
You. 👏🏻 Are. 👏🏻 Still. 👏🏻 Vulnerable.
Know your Incident Response Process. The email got past me, but I recognized the back end of the attack quickly. The Incident Response process began immediately, so it took less than 15 minutes to clean up.
Don’t forget… As much as you think “it won’t be me,” someone someday will get lucky and it WILL happen to YOU.