Leo was hard at work when he got a new message in his inbox. It appeared to be from his company’s trusted supplier. However, upon closer inspection, he realized the sender’s address was misspelled and that the message did not match the style typically used by the supplier. He decided it was likely a fake. Leo clicked the “unsubscribe” button on the email to take himself off the scammer’s list. Little did he know, the unsubscribe link was part of the phishing attempt and was malicious.
After unsubscribing, he went back to work as usual. Despite his assumption that the message was a scam, Leo did not think it was necessary to report the message to anyone since he did not fall for it. Weeks later, the company suffered a major breach because many of its employees also fell for the phishing email. The cybercriminals infiltrated the company’s systems and gained access to important data from many different departments.
Did you spot the red flags?
- Leo should not have clicked “unsubscribe” on the email if he had any suspicions that it was a phishing message, because scammers often use unsubscribe links to trick users.
- Leo did not alert his company about the phishing message. This simple step could have prevented the breach or mitigated its impact.
What you should know about this scam
Do not respond to or unsubscribe from phishy messages. Just delete and block the sender.
Report any suspicious messages to your IT team and manager, whether or not you clicked on them.
Why incidents are often underreported:
- 43% feared the repercussions of reporting an incident.
- 36% felt that reporting was unnecessary.
- 32% simply forgot to report.
Cybersecurity is a shared responsibility, but the proper authorities need to be informed when something occurs so that they can provide the proper support. Only then can we come together as a team to combat cybercrime.