THANK-YOU-VERY-MUCH

THANK YOU VERY MUCH

SHARE

“Sara, did you get the email from Roy?”

“What email?” Sara mumbles, while clicking open her Outlook. “What time was that email?”

“9:54 a.m.,” a muffled voice rings out from the copier room.

“Great.”  Oh wow,” Sara ponders while reading the email.

“Why so much?” she continues, as she reaches for her glasses . “Nancy, do me a favor and wire $50,000 to Roy Tolle. But hold on, he wants to change his account number. Forwarding the email to you now.”

“I didn’t get the original,” a confused Nancy responds. “Why so much?”

“I can’t say,” notes Sara.

“Okay,” Nancy says, with a sigh . “But Roy doesn’t say if this is reoccurring or not.”

“It is,” Sara says, peeping over her cubicle. “That’s the way it’s been with him. So ,make it a weekly reoccural . Plus, he’s in Prague; who knows what he wants the money for.”

“Yeah, you’re right,” says Nancy. “You know, he usually calls to stop them for short periods of time before resuming.Also, he usually requests $5,000, not $50,000,” . Meanwhile, Roy is emailing back.

“Are you guys not getting his messages?” Cressida chimes in. “You’re all on it. Oh, he’s asking for our cell numbers. It says sorry guys, I dropped my phone looking over a bridge over the Vltava River.”

Nancy stands up from her desk. “I am simply not getting these messages. Please forward it.”

“Something is definitely wrong with your Outlook,” Cressida erupts, “because I’m looking right at your name.”

“Alright, I’ll call Bullet, in IT support”  responds Nancy.

“No,” Cressida snaps back. “Go down there.”

“Down in the basement?”

“Yes,” says Cressida. “You need help now.”

Nancy heads toward the basement. She’s not sending the $50,000 until she gets further confirmation.

Nancy knocks on the door marked ‘Technology,’ gets no answer and starts to walk back to the elevator.

But then the doors open and there is Bullet . “Looking for me?” he asks.

“Yes,” Nancy says. “I am NOT getting emails from Roy, but the rest of the ladies are.”

“Well, I am using you as a guinea pig,” says Bullet.  “I am doing a 30-day free trial for MXINSPECT on your desktop. eMazzanti wanted me to actually protect everyone and train you guys, but we’ve never had any real trouble, and to make my account manager feel like I was really paying attention to what she said, I opted for the trial.”

Her eyebrows go up, and Bullet continues. “ Let me tell you. My plans were to make her think I would eventually purchase it, but I’m going to cancel. I’ll make up some excuse,” he says.  “I was impressed by the fact that MXINSPECT can protect organizations from email threats, including phishing, malware, spam, and other forms of objectionable or dangerous content by leveraging leading technologies in a suite designed for small businesses like ours. But when does it end?  We have evaded these kinds of attacks for years. They did a security background on us and it came up with some associates’ information on it, but there were not many new ones; some of the associates had moved on.”

“Yeah, Bullet,” says Nancy, with a twitch. “But wouldn’t that be a cause for concern?”

“ Listen, I have been doing this for 15 years with a few hiccups here and there,” he says, with a wave of his hand.

“Bullet,” she urges, “Come on. Technology has evolved exponentially in the last 15 years.”

“ Yeah, well,tThat’s why I decided to give the service a run through, and now look.  I am all about the budget. Savng MONEY!Unfortunately, this MXINSPECT might be blocking Roy from emailing you. I don’t know; it’s supposed to keep predators and spam out. Let me look into it.”

He makes a call.

“It’s a great day at eMazzanti Technologies; how can I help you?,” says an eMazzanti account manager.

“Hi, this is Bullet from Prettler Marketing.”

“Hey Bullet, this is Jenny.”

“Jenny, just the person I wanted to speak to,” he says, relieved “Listen. The free trial of MXINSPECT that you set up for that one desktop, I think there may be an issue with it. One of the ladies in our accounts department, Nancy, is not getting emails that she is clearly cc’ed on.”

“Bullet, MXINSPECT doesn’t make trouble; it stops it,” Jenny says. “Explain to me what exactly is happening?”

“Well, some emails are coming through from the owner, Roy Tolle, who is traveling and may at times request wires, but  Nancy says she has not received the email.”

“Bullet, forward a copy of the email to me.” Moments later. “Bullet, what is Roy Tolle’s email?”

“It’s [email protected]., he notes.

“I thought so because that’s what we have,” she tells him.

“Bullet, eMazzanti Technologies employees are trained to recognize a phishing attack. During your QBR last month, we discussed cybersecurity training for your staff. Unfortunately, I cannot twist your arm. The cost of your peace of mind could be $1 per user vs. thousands of lost dollars. We discussed this.It’s my job to sell you what I believe will ultimately help you, and I know you chose the 30-day free trial of MXINSPECT, which has helped you in this situation.”

THANK YOU VERY MUCH_Sub image

As she monitored her client’s account, Jenny continued: “From what I can see here, Cressida and some of your other accounts team members are experiencing a phishing expedition; which happens when an email closely resembles a legitimate email, but contains slight alterations that are easy to overlook. Here, let me give you a sample training.”

Jenny shares her screen and starts writing in her OneNote. “Based on the actual email and the email Cressida received, which email below is the bad actor attempting to use?”

  1. Domain Variation:
  2. Character Substitution:
    • Replace similar-looking characters:
      [email protected] (replacing “l” with “1”)
    • Use different characters that look similar:
      [email protected] (replacing “e” with “3”)
  3. Additions or Omissions:
  4. Subdomain Addition:

“Oh, JENNY, it’s number 2, the character substitution.”

“Precisely, Bullet.”

“Our training would have taught your team what to look for when receiving emails and how to handle so many other security issues,” she noted. “The subtle change with replacing the ‘l’ for a ‘1’ went undetected, but even without training, Nancy was safe because of MXINSPECT.Bullet, I would like to speak with the whole accounts team, now. I consider this an emergency, and it’s my job to do a quick discovery with the team so that the buck stops here.”

“Hold on,” Bullet replies, rubbing his entire hand down his face . He calls Cressisa, Sara and Nancy.

Bullet speaks with some exhaustion . “I have Jenny from eMazzanti on the line.” “Hi guys. Bullet and I have been discussing an email you received from Roy Tolle.”

Cressida speaks out. “Yes. That was for a transfer request, but what does that have to do with Nancy not getting the email? That’s an Outlook problem,” she says, bothered.

“Cressida,” Jenny says, “It’s not. It’s an email phishing attack, and because Nancy is the only one using MXINSPECT, the email was filtered as spam and did not come to her.”

“Sara,” chimes in, “explain.” Jenny states confidently, “Simply put, you guys are not receiving emails from Roy. You’re getting them from a bad actor. All of you are smart. Please take a good look at that email. Now, compare what you know to be Roy’s email to what you recently received. If you must look in the directory, please do so and tell me what you think?”

“God help me,” Nancy gasps, being the first to respond. “I think I’m going to throw up.” “Why?” everyone asks in a cacophony. “Because I almost sent the $50,000 after Cressida forwarded the email with the new account number.”

“Wow,” Jenny says calmly. “Let me put in a ticket and stop further emails.” .

Bullet raises his voice. “How quickly can you add MXINSPECT on the rest of us?”

“Now,” Jenny says.

“Add the training too,” Bullet blurts out.

Cressida yells, “HEY! I just got another email from THAT bad actor. But thanks to eMazzanti training and MXINSPECT, ”

UPCOMING VIRTUAL EVENTS

Demystifying Cyber Security for SMBs

sb-cyber-security-master-class

The continually changing threat landscape requires us to update best practices and add new concepts to keep your organization safe.

SESSION 4: Cyber Security Strategy
Watch On-Demand

SESSION 5: Cyber Insurance & MFA
Watch On-Demand

SESSION 6: Threat Detection | JAN. 15

Microsoft Copilot
Master Class Workshop

sb-microsoft-copilot-master-class

eMazzanti will host 60-minute Master Classes, that speak to how AI can help your business streamline and grow.

In each session, you will have Artificial Intelligence and Automation explained, view a live demo of Copilot, and see it live in action in a dynamic format.

RESOURCES

Cyber Security Awareness Hub

sb-Cyber-Security-Awareness-Hub

Cyber Security Awareness Kit, designed to be delivered to your team in bitesize chunks.

We are sharing the resources and highlighting services your organization needs, covering everything from multifactor authentication to software updates, showing your users just how easy it is to improve their security posture.

Resource Library

sb-resource-library

Insights to help you do what you do better, faster and more profitably.

> Tips to Stay Protected Against Phishing Attacks

> Understanding Ransomware 

> The 6 Known Wi-Fi Threat Categories Targeting Your Business and How to Defend Against Them

> Practical Advice for Avoiding Phishing Emails

Recent Articles

NEWSLETTER

Categories