They targeted Donna from Marketing. Donna doesn't report to Nick the CFO, so the scammers assumed she doesn't have Nick's phone number in her contact list. Also, they sent the text message over the weekend to make it feel more urgent and probably Donna wouldn't want to talk over the phone on a weekend.

To make this feel urgent, the scammers crafted a fake complaint letter from a key customer. They made it seem like Donna did something wrong and she needed to fix it ASAP.

The Scammers personalized the link with Nick's name and they made it feel like a secure drive, with the hopes that Donna will think it's legit.


Next, they tell Donna that Nick wants to talk to her on Monday in order to build credibility. If this was a scammer they wouldn't need to meet on Monday... all these small things build Trust.


Donna takes the bait and clicks on the phishing link, she logs into a Fake Google Login Page with her real user name and password.


And in order to close the loop so Donna doesn't realize she was hacked and reports this, they displayed a fake complaint letter. This gives the criminals enough time to take over the account.


How To Avoid This Type Of Attack

1) Don't Automatically trust anyone, even if you think you know them. Digital identities aren't the same as meeting someone in person.

2) Call and verify with your Admin, Company, or Person, the authenticity of the request.

3) Make sure you have MFA turned on. It’s better to use Authenticator Apps (Such as Google or Microsoft Authenticator) or even a hardware security key instead of Text based authentication.
4) Never share security codes with anyone - including automated systems that contact you out of the blue.
5) Share less! The more an attacker knows about you the easier it is to hack you.
6) Use Wizer Free Security Awareness to train your team


Gabriel Friedlander
Written by Gabriel Friedlander

I founded in early 2019 with a mission to make basic security awareness training free for everyone. Since then Wizer has been rapidly growing with over 3000 organization who signed up for our free training. And in 2020 we partnered with several local counties to offer free Citizen Training. We believe that in this day an age, security awareness should be a basic human skill.