A phishing email.
A not very sophisticated phishing attempt, but sometimes simplicity wins. I received this to one of my personal email boxes on my personal domain.
A simple construction of email to the domain.
The link off-site went to a very simple self-constructing site that would have used an external resource (image.thum.io) to capture a root window snapshot image of the site to place under the "login" box. The email address was in the GET parameters (and the displayed company name inferred, very simplistically, from the domain part).
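As an added illustration (not part of the original email or the phishing site), here is one way a mail filter could flag the pattern described above: an off-domain link that carries the recipient's own address in its GET parameters. The function name, the sample message and the hosts are constructed for this sketch, and the base64 check goes slightly beyond the plain-text case seen here.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

RECIPIENT = "test.user@example.test"  # constructed test address
_TOKEN = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
# Constructed sample body: plain, base64-encoded and same-domain links.
SAMPLE_BODY = (
    "Your password expires today. Keep the same password:\n"
    f"https://login.phish-host.invalid/verify?email={RECIPIENT}&id=7\n"
    f"Mirror: https://phish-host.invalid/a?u={_TOKEN}\n"
    f"Help: https://www.example.test/help?contact={RECIPIENT}\n"
)


def _decodings(value):
    """Yield the value itself, then its base64 decoding if it has one."""
    yield value
    padded = value + "=" * (-len(value) % 4)  # restore stripped padding
    try:
        yield base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
    except (binascii.Error, ValueError):
        pass  # not base64, nothing more to check


def find_prefilled_links(body, recipient):
    """Return (host, parameter) pairs for off-domain links that carry
    the recipient's address in the query string."""
    recipient = recipient.lower()
    own_domain = recipient.rsplit("@", 1)[1]
    hits = []
    for url in URL_RE.findall(body):
        parts = urlsplit(url.rstrip(".,)"))
        host = (parts.hostname or "").lower()
        if host == own_domain or host.endswith("." + own_domain):
            continue  # link stays on the recipient's own domain
        # parse_qsl percent-decodes, so user%40example.test matches too
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if any(recipient in d.lower() for d in _decodings(value)):
                hits.append((host, name))
    return hits


if __name__ == "__main__":
    for host, name in find_prefilled_links(SAMPLE_BODY, RECIPIENT):
        print(f"recipient address sent to {host} in parameter '{name}'")
```

A hit is a signal for quarantine or manual review rather than proof of phishing, since some legitimate senders also pre-fill addresses in unsubscribe links.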
Absolutely not enough to catch me out, but someone less fastidious? In these times of economic stress for many, a message like this is going to raise the stress even more, and play on emotional cues (fodder to the con artist).
It's easy to say "ah, but that's so obviously a phish I wouldn't fall for it". I have news for you - scammers don't care how often they fail and YOU are not the target. The busy person at the bottom of the food chain, who may not be quite so observant or fastidious, is.
It behoves us to make everyone in every organisation aware of the risks.
The question people often ask is "Why me?" The answer is simple: because they can. Because you are there. Because any foot in the door is a start. The attacker can investigate what facilities and people they have access to. Maybe nothing. Maybe something. And at least they might have access to an email account they can use. Ingress - Investigate - Pivot.
PS: apologies to anyone offended by the test email address I chose to use, but I wasn't going to validate their records with my own.