I have an urgent task for you, are you able to help me? I am in a meeting currently so no calls, please respond through email only.

Okay so maybe I don’t actually have an urgent task for you, but that statement probably sounds familiar. It is a common message in a phishing email attack. While researching this post I found articles ranging from 2019 through 2023 alerting to this particular message type.

These particular phishing attacks typically pretend to be your boss or the owner of the small business. They also can come from vendors your small business uses or other partners of yours. The phisher is hoping to have a short email conversation with you, usually asking for gift cards, money transfers, or to switch payment accounts between your business and them.

Is this legitimate

Here is a real world example of what these emails usually are like. Please note I did change the signature of the email to have a little fun and to protect the person the phishing email was impersonating. 

“Hello, Are you less busy at the moment? Please, I want you to carry out an urgent task for me right now. I am going for a meeting now, no calls so kindly respond via this email thanks.

John Q. Cyber.

CEO,

CyberScams Center.

Sent From MyPhishMail.”

Trust but verify

This is one of cybersecurity’s most popular sayings. It is also one of the most important steps you can take in protecting yourself from falling victim to phishing attacks. What does trust but verify mean though?

It can mean a few things depending on the situation you are in. Trust but verify in this instance means you should reach out directly to the sender of the email. You can do this by stepping into their office or by calling them at a known legitimate phone number. With these types of phishing emails, I do not recommend emailing them at a known legitimate email address as the phisher may have access to their email. I also do not recommend texting them just in case they are in possession of their phone either. 

In the example above, I quickly identified this was a phishing email, so I never replied and deleted the message. However, if I was unsure I would have reached out directly to the sender to verify if they really sent the email.

It is important to stay diligent about phishing emails; they never stop coming. The hope of the phisher is for you to get tricked because you got lazy and let one slip through your cybersecurity cracks. So the next time you see an email with an urgent task for you, trust but verify!

To learn more about cybersecurity threats, trends, and topics with a focus on small business, check out Small Business, Big Threat!

Cybersecurity