Last Thursday, we were hit with the most devastatingly effective phishing scam I have ever seen. Behold:
Not one, not two, but at least four people replied innocently believing that “firstname.lastname@example.org” was our own dear Mary Furbush, which led to the scammer spamming almost anybody he could.
What made this scam so effective? Its simplicity.
- The language is brief, to the point, and believable.
- The scammer wasn’t a bot but an actual human being, preying on the authority held by the Executive Director and our open and trusting natures.
This isn’t hacking–it’s social engineering. It’s the kind of “hacking” that would work if someone walked into our office in a jumpsuit and utility belt and said, “Hey, I’m taking care of something for the building,” and we would probably offer him a coffee and a snack while he walked off with a computer or an employee file.
The scammer’s email address was right there for everybody to see, but we weren’t looking. So please don’t let your guard down!
Speaking of which, although it’s not in our Professional Development catalogue yet, I am planning a PD workshop entitled, “Yes, They Do Want Your Data: Security Awareness for Educational Professionals,” penciled in for February. Let me know if that is something that would interest you!