The Vexatious Vendor

The Vexatious Vendor

Greetings everyone, Detective Cy’s back again! Did you know that many attempts to steal your private information are hiding in plain sight? In fact, one administrative assistant working at a local school recently became a victim simply by trying to communicate with a vendor!

Typically, an administrator won’t think much of frequently exchanging emails with regular business contacts. It was while finalizing a contract for new school supplies that our subject became complacent and failed to carefully inspect the vendor’s email. What they thought was a link to an invoice was actually a one-way ticket to ransomware in disguise!

After clicking the link, the administrator was taken to a blank webpage. They thought that the computer was having trouble loading the website, but the blank page was merely a distraction. Behind the scenes, malware began to automatically download onto their computer. It wasn’t until the administrator called the vendor and mentioned that they were having trouble retrieving the invoice that they realized something was off. They asked if a PDF copy of the invoice could be sent instead, but the vendor claimed that the invoice was never prepared in the first place!

Immediately following the call, the administrator contacted their IT department to investigate the strange email. The IT specialists were able identify the download that had occurred and locate the malware. Fortunately, they were able to isolate and remove the malware before any significant damage could be done.

This could have easily been avoided had the administrator contacted the vendor to verify if an invoice had been sent. They also could have hovered their cursor over the weblink to see that it didn’t go to the vendor’s site.

Lessons Learned:

  • Verify any links that are sent to your email by responding to the original message or calling the vendor.
  • Hover your mouse’s cursor over links to verify that they are associated with a trusted webpage.
  • Only visit sites with “https” in the URL to ensure that the connection between your computer and the vendor is secure.
  • If you receive a suspicious email, ask your IT department to investigate the message before opening it.

Share this post

MOre POSTs

Municipality
Detective Cy

The Gift Card Grift

Hello all, Detective Cy here! Did you know that there has been a significant increase in cyber-attacks since the beginning

Education
Detective Cy

The Suspicious Student

Hello everyone, Detective Cy here with another lesson on staying cyber safe! While most people know to keep their password

Municipality
Detective Cy

Water Treatment Trouble

Hey all, Detective Cy here again! While doing some research on cybersecurity crimes, I recently discovered that the number of

Education
Detective Cy

The Harmful Homework

Hello everyone, Detective Cy here with another lesson on staying cyber safe! Did you know that even if an email

Education
Detective Cy

The Unexpected Encryption

Detective Cy was in her office researching why so many attacks have been happening recently when she received a call.

Credential Copy Crisis
Municipality
Detective Cy

The Credential Copy Crisis

Hello readers, Detective Cy here! Did you know that using the same password for all of your accounts drastically increases

email impersonator
Municipality
Detective Cy

The Email Impersonator

Hello all, Detective Cy here with a story about phishing! Is it possible that an email from your employee could