So this happened at work yesterday:

An email came into my queue that looked bogus: it purported to be about some
purchase order. And I didn’t recognize the sender. And it was supposedly via “Dropbox
Secure Transfer”. And my company doesn’t use Dropbox.

So I clicked on the report phishing button, as I’ve had occasion to do a couple of
times in the past, and immediately got this reply:

On the one hand, this really wasn’t much of a brainer—if you’re going to try to tempt
me to click on something, at least pretend to use an application that’s
approved within the environment. (I actually contacted Help Desk before
downloading my home printer driver on my work laptop; this organization is
serious about not infecting devices and networks with unauthorized
miscellanea.)

On the other hand, people—do not click on links from senders you don’t know. And
don’t do it even from people you think you know. Phishing is one of the easiest ways
for threat actors to do really bad things to your PC, to your address list and
to your company’s network. I read two to five stories a week about ransomware,
malware and other crap that shuts down hospitals, governments and companies
where the point of entry was some employee clicking on a malicious link.

I’m glad I passed the test. And I hope you stay vigilant, too.