What a Phishing Attack Looks Like Up CLose

On a typical morning I have about 30 new emails in my personal inbox, and 40 in my work account. You know how it is. I archive what I don’t want, scan part of a newsletter, click through to a coworker’s Google Doc, and click “track my package” more often than I’d like to admit. It’s all pretty standard stuff.

These days, though, I face my inboxes with grim determination. Because for about five weeks this spring I was under attack by a team of hackers from the company PhishMe whose goal was to … phish me. I had given company CTO Aaron Higbee my personal and professional email addresses, and full permission to trick me into clicking on a malicious link, downloading a nasty attachment, or visiting a bogus site where my personal information could be compromised.

If you think that might instill a certain depth of paranoia, you’re absolutely right. Every email from my doctor could be fake. Every shared album of vacation photos, a trap. I knew that they were coming for me. I just didn’t know when or how.

Hyper-vigilance is a surprisingly difficult thing to maintain if you’re not used to it. And by the time the first phish hit my personal inbox, three weeks into the process, I’d already slacked off a bit.

Continue reading…