ProAdvisor Blog

Phishing – Would you catch the signs?


Recently I was working on my system when an email alert from Outlook showed up in the corner of my screen; I opened the message and almost didn’t know I faced the danger of being a victim of phishing malware. Normally, I am very aware of suspect emails. However, that day made me realize we are all human. I had my mind focused on the project at hand, and the distraction of an email from a client caught me off guard. The message one of our clients sent was as follows (I removed the personal details):

Subject: Quote Update

**(name removed) shared the below PDF with you on Google Drive Secure**

Doc00UpdatedQuote83838PDF (hyperlinked to URL)

Please review


At the bottom of the email, there was the full email signature of the client, logo and everything.

Would you catch the signs of a phishing email? In the back of my mind, something didn’t feel right about clicking the document link. The email looked very legitimate. Still, I decided to check its validity. I sent a quick reply to the client: “Hi, This looked suspicious. What is it?” When he replied he had “no idea”, I knew it was a phishing attack. Most likely, his system had been compromised and malware was using his email program to send an attack to all the people in his contact list. When someone unsuspecting clicks on the link for the quote PDF, it takes them to a “poisoned” website that generally attempts to use a known browser exploit to infect their system.

Minutes later, I received some instant messages from co-workers asking if the quote was for something someone else was doing with the client. That confirmed it was a mass email message. Fortunately, our staff is trained to be aware of strange emails, even when they look legitimate.

This reminded me that people are your front line of attack/defense in this cyber war. The phishing messages are getting very hard to differentiate from real messages. I recommend you share this lesson with all your co-workers to help them be aware and “think before you click” (on any link). Proper user training and education is the key. The downside could be lost data, lost hours of productivity recovering your system, or worse. All it takes is one user inadvertently getting tricked by an email when they are trying to figure out what it is. Please share/use this experience as a learning lesson and prevent your company from becoming a victim.



About the Author: Chris Fraser

Chris Fraser CPA.CITP, CISA, CGMA has over 20 years of business technology and IT risk management consulting experience. He specializes in accounting systems, business process improvement, CIO services, risk management, design, implementation, integration and support of IT systems, business technology and IT assurance services. Chris earned his bachelor’s degree in accounting and his MBA at the University of Florida. Chris has been a speaker several times for the Florida Institute of Certified Public Accountants. He has served as a member of the Board of Governors of the Florida Institute of CPAs. He served as a member on the FICPA Finance and Office Advisory committee. He served as chair of the FICPA Business Technology Section and the 2008 Business Technology Conference chair. Chris was a founding member of the young CPA committee and task force member, chaired the membership task force, served on the communications task force, and wrote several articles for CPA Today magazine. He leads the CITP State champions and is a member of the American Institute of CPA’s Certified IT Professional (CITP) Credential Committee.
