Mark Tey 🦊

Phishing or Legit?

How I quickly verified a Teams message from a stranger

Photo by Dimitri Karastelev on Unsplash

3:13 PM — I was working when I received a message on Microsoft Teams.

I didn’t know the person, but it said something like:

Hey, how are you? We’re changing to a new VPN service, and the current one will become unavailable soon. Can we have a quick call to walk you through the setup? It shouldn’t take you more than 5 minutes.

It seemed legitimate enough for several reasons:

  1. It was well-written and casual (matching our usual tone).
  2. It was plausible that the VPN was going to be changed. It can perfectly happen now and then, and I had heard something about it some time ago.
  3. His email address was from our domain.
  4. He was registered with quite a common name, profile picture, position, and place in the organizational chart.

Nonetheless, if there is something I learned working in Cybersecurity over the past few years, it is that when it comes to phishing, you should never make assumptions based on appearances. It applies to anything in life, to tell the truth.

There are very lame phishing attempts that make me laugh my ass off at how poorly devised they are. But there are also sophisticated attempts that look totally legitimate — and at first sight, you would never notice.

So, I did what I had to do. First thing, I posted it on my team’s chat to ask if someone had heard about it or received a similar request. Then, I did a background check on the person.

Spoiler alert. I understood it was indeed legitimate.

The person who contacted me was a legitimate employee whom I could verify through Teams and LinkedIn, and who was confirmed a bit later by my team. I had even exchanged emails with this person two years ago, in which we had asked him to help us with something.

Although all this suspicion seems unnecessary, it wasn’t.

Phishing lurks out there, often targeting specific people with nearly foolproof tactics, especially in the proper context that will make sense for you at a given time. And it will happen in big or small organizations. Or even target you at home.

Did you ever fall for phishing? I did once, but that’s a story for another time.

This one was just a small lesson to keep in mind when you receive messages or emails from someone you don’t know. Or even from someone you know. Better safe than sorry, right?
