The Vexatious Vendor

The Vexatious Vendor

Greetings everyone, Detective Cy’s back again! Did you know that many attempts to steal your private information are hiding in plain sight? In fact, one administrative assistant working at a local school recently became a victim simply by trying to communicate with a vendor!

Typically, an administrator won’t think much of frequently exchanging emails with regular business contacts. It was while finalizing a contract for new school supplies that our subject became complacent and failed to carefully inspect the vendor’s email. What they thought was a link to an invoice was actually a one-way ticket to ransomware in disguise!

After clicking the link, the administrator was taken to a blank webpage. They thought that the computer was having trouble loading the website, but the blank page was merely a distraction. Behind the scenes, malware began to automatically download onto their computer. It wasn’t until the administrator called the vendor and mentioned that they were having trouble retrieving the invoice that they realized something was off. They asked if a PDF copy of the invoice could be sent instead, but the vendor claimed that the invoice was never prepared in the first place!

Immediately following the call, the administrator contacted their IT department to investigate the strange email. The IT specialists were able identify the download that had occurred and locate the malware. Fortunately, they were able to isolate and remove the malware before any significant damage could be done.

This could have easily been avoided had the administrator contacted the vendor to verify if an invoice had been sent. They also could have hovered their cursor over the weblink to see that it didn’t go to the vendor’s site.

Lessons Learned:

  • Verify any links that are sent to your email by responding to the original message or calling the vendor.
  • Hover your mouse’s cursor over links to verify that they are associated with a trusted webpage.
  • Only visit sites with “https” in the URL to ensure that the connection between your computer and the vendor is secure.
  • If you receive a suspicious email, ask your IT department to investigate the message before opening it.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email


Credential Copy Crisis
Detective Cy

The Credential Copy Crisis

Hello readers, Detective Cy here! Did you know that using the same password for all of your accounts drastically increases

email impersonator
Detective Cy

The Email Impersonator

Hello all, Detective Cy here with a story about phishing! Is it possible that an email from your employee could