I know a victim of a phishing expedition, kind of.
They received an e-mail form a colleague that they have known for years. But apparently the e-mail felt off, ever so slightly.
They actually went into contacts and sent an e-mail asking if the party had just sent me the e-mail. Which they confirmed that the e-mail was legit and safe to access the attachment.
So the attachment was opened and it was requesting that log onto MS One Drive to see the attachment. It did not work.
They e-mailed the colleague back, this time through the original e-mail; stating that they could not access the document. This got a response. The colleague’s e-mail had been hijacked and to disregard all previous e-mails.
Great! SO now the tech people have to get involved. After scans are done, and the MS online software password changed, the effect was minimal.
It helps to be working with a team that has set-up protocols to protect even those who are typically careful. DO you have protocols in place for such an incident?