This story comes from a SAC staffer:

Last spring, I received an email from a friend with the subject, “Help! I had an Easter disaster.” The subject seemed suspicious, and normally I wouldn’t even open an email with a subject like this, but the scammer who sent it used email spoofing to trick me into opening the email. The sender appeared to be my friend, and her name appeared exactly as it is saved in my contacts. It was only after clicking directly on her name and seeing a different email than her own appear that I knew for sure it was fake.

I was curious to see what horrible thing had happened to her on Easter only to find that she was “stuck in the Philippines” and needed me to “wire her $2,000 immediately.” The email was surprisingly well written without the spelling and grammar errors I have come to expect from fake emails. In addition to having clicked on her name to reveal the true sender, I knew the email couldn’t be real because I had seen my friend a couple days before, and she had mentioned nothing about traveling to the Philippines! I didn’t click on any links in the email, and I deleted it.

I contacted my friend immediately to let her know, and she told me that her email had been hacked. Apparently, I wasn’t the first person in her contacts to receive the desperate email. She contacted her email service provider and was able to gain control again, but it was still a very stressful situation for her.

She has since learned to use stronger passwords and to only view sensitive information on protected networks. A little precaution and awareness can go a long way!

Have you experienced a social engineering scam or phishing email? Tweet us at @secawareco and tell us your story!

Tyler Balding

Lead e-Learning Developer at SAC
Tyler spends her days finding fresh, fun ways to teach age-old security concepts, making all of SAC's e-learning modules visually stimulating. She spends her free time traveling and perfecting her wine-tasting skills, and steals the boss’s dog on weekends.