This morning I received a phishing attempt from a person I know, albeit not very well. Martha is a church friend, someone that I’ve met on a handful of occasions, but not one that I would expect to receive email from that wasn’t directly related to a project at church. This morning, though, I received a phishing attempt from “her”, and I got to thinking, what should you do when you begin receiving phishing attempts from friends?
In this instance, it’s pretty clear that my email provider believes this is a phishing attempt, and I agree with them in this case. Their banner is clear, they are warning me to be on alert, that this may be trouble if I do anything with this email.
In cases like this, as I mentioned, if it’s a phishing attempt, the initial response is to just delete the message and move on. But when it’s someone you know, my instinct is to also notify that individual so that they can be aware of the attempt, especially if they are not aware of the activity.
There are a few scenarios that could apply in this circumstance:
- Your friend may actually be sending phishing attempts on purpose (not very likely)
- Your friend’s email account could be compromised, and someone else could be sending them without their knowing. (Maybe, but still less likely in my opinion)
- Someone else is sending phishing attempt emails and spoofing (forging) the email from to be someone other than the person sending the email. This could be done automatically as the result of a virus on a computer or via a manual process. (much more likely scenario)
In this instance, what I did was to send an email to Martha, letting her know that I received the email. Normally, my suggestion in this case would be to communicate with Martha via a different communication mechanism, for example, by phone if you received an email, or something like that, but in this instance, all I had was her email address, so I communicated that way.
When you receive a phishing attempt from someone, what do you do? Just delete the email, or attempt to notify them? Let me know your thoughts in the comments, and thanks!