You read that correctly. Just a few days ago, I almost fell for a phishing scam. Its deceptive simplicity, coupled with my brief lapse in attention, nearly had me fooled. This week, I want to share the specifics of this scam, drawing from my experience to help you stay alert.
It began with this email (https://share.zight.com/z8udg221) received through our website’s contact form. The sender was someone named Marc from John Deere, seeking IT services related to computer hardware. Initially, it seemed unlikely to me that someone from John Deere would need our IT assistance, considering they likely have their own internal department. However, we have previously served smaller departments from large corporations, often to use their marketing funds or to expedite urgent purchases. A search for ‘Marc Johnson’ on LinkedIn yielded a legitimate-looking profile. Moreover, entering the domain from his email, “deerecompany.com,” into my browser redirected me to the John Deere website. The realness of both Marc and the domain swayed me to respond.
I replied to Marc (https://share.zight.com/WnupnPvE), inquiring how we could assist. His response (https://share.zight.com/9ZuLpn1k), sent from a John Deere email address, asked whether we kept any laptops for sale in stock. His email signature and writing style appeared genuine. Nevertheless, something felt amiss, prompting me to seek our lead technician Daniel’s expertise. Daniel’s quick investigation revealed a basic phishing strategy I had overlooked.
Daniel discovered that the domain “deerecompany.com” was recently registered and wasn’t the actual Deere website, which is “deere.com.” The scammer had cleverly bought a similar-sounding domain, set up an easy redirect to the real John Deere site, and impersonated an actual John Deere employee, Marc Johnson. Using our website’s contact form, which is set up to bypass our spam filters, was a strategic move to legitimize the communication and ensure the email reached my inbox.
What could I have done to detect this? Our email security service added a warning banner (https://share.zight.com/E0umvQ1K) to his direct email, a clear red flag. I also should have been more observant of the address bar after typing the fake domain name. Additionally, reaching out to the real Marc Johnson on LinkedIn could have clarified things.
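The three signals Daniel's check turned up (a brand name inside a different domain, a redirect to the real site, and a recent registration) can be combined into one triage check. This is an added example, not code from the original post; the sender address, landing URL, dates, the 90-day threshold and the `KNOWN_BRANDS` table are constructed assumptions, and the registration date would come from a WHOIS lookup you run yourself.

```python
from datetime import date
from urllib.parse import urlsplit

# Assumption: brand keyword -> the domain you already know is genuine.
KNOWN_BRANDS = {"deere": "deere.com"}

def registrable(host):
    """Last two labels of a hostname (naive: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage_sender(sender, lands_on, registered_on, today, max_age_days=90):
    """Return the red flags raised by an inbound sender address.

    sender        -- the From address of the message
    lands_on      -- URL shown in the address bar after typing the sender's domain
    registered_on -- domain creation date taken from a WHOIS lookup
    """
    flags = []
    domain = registrable(sender.rsplit("@", 1)[-1])

    # 1. Brand keyword embedded in a domain that is not the brand's own.
    for brand, real in KNOWN_BRANDS.items():
        if brand in domain and domain != real:
            flags.append(f"lookalike: {domain} contains '{brand}' but is not {real}")

    # 2. Typing the domain ends up on a different site (redirect).
    landed = registrable(urlsplit(lands_on).hostname or "")
    if landed and landed != domain:
        flags.append(f"redirect: {domain} lands on {landed}")

    # 3. Domain was registered only recently.
    age = (today - registered_on).days
    if age < max_age_days:
        flags.append(f"new domain: registered {age} days ago")
    return flags

if __name__ == "__main__":
    # Constructed sample values modelled on the case described above.
    for flag in triage_sender("marc.johnson@deerecompany.com",
                              "https://www.deere.com/en/",
                              registered_on=date(2024, 1, 5),
                              today=date(2024, 1, 15)):
        print("RED FLAG:", flag)
```

Any single flag is a reason to verify the sender through a separate channel before replying.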
This phishing attack was exceedingly simple and very cheap for them to execute, yet it’s potent enough to deceive anyone, especially when distracted. With an increasing number of people worldwide adopting hacking as a profession, the low-cost nature of cyber attacks, poor law enforcement, and the availability of technologies like ChatGPT that enable flawless English communication, cyber threats are continuously evolving.
What can you do? Take warning banners from email security systems seriously and treat quarantined messages with caution. Always remain vigilant. And when in doubt, don’t hesitate to ask for help. That’s what we’re here for.
Stay safe!
– Burak Sarac, Team Lead