In my work email this morning was the below email:
Sent: Wednesday, May 04, 2016 11:52 PM
To: Bogardus, Brian [INDAUTO/ASCONUM/USAK]
Subject: Account Owner Questionnaire
As of May 1, 2016, all account owners will be legally required to digitally sign and provide response to the employment history questionnaire. This questionnaire helps develop a more complete profile of our employees for reporting purposes.
Please confirm and update your questionnaire immediately via the link below.
Career Services Team
It has phishing scam written all over it. Because the Valve Store(TM) is part of the Emerson Corporation, all our email addresses are @emerson.com. This email, if you look quickly, appears to come from the home office, but it doesn’t; it comes from er nerson.com. Career Services? Never heard of it. And if this sort of action was required of us, we would have already had a couple of emails ahead of time informing us that this action would be coming up on a certain date.
The clincher was if you hover over the Click Here link in the email (go ahead, I copied it here) you will see the URL that you would be taken to, and it had the word phishing right in the link, thus signifying it probably really wasn’t a phishing scam. To double check, I opened a browser and entered mediapro.com and I was taken to a website that sells Privacy and Security Awareness Solutions.
It was a phishing test from corporate. Every couple months we get one of these things to test our awareness of this type of scam. From my informal survey around the engineering area we are definitely getting pretty good at not falling for them.
Later in the afternoon this email showed up in my inbox:
From: Help Desk, ASCO Numatics US
Sent: Thursday, May 05, 2016 2:57 PM
To: ASCO Numatics US DL
Subject: Phishing Attack Notification
‘Account Owner Questionnaire’
OVERVIEW: Reports have identified a malicious email circulating on the Emerson network. The attack appears to be related to an online questionnaire in an attempt to lure users into clicking on and opening a malicious hyperlink.
DATE EFFECTIVE: Immediately
IMPACT: All Emerson Employees and Contractors
DETAILS: The following malicious email is an example of what has been reported throughout the Emerson network. Please be aware these e-mails may vary slightly.
<Copy of Above Email>
Please report all suspicious e-mails to firstname.lastname@example.org. (Please note that the phishing e-mails quarantined by IronPort in your Outlook mailbox need not be reported; only the e-mails that get through the spam filters.)
ACTION: Always use caution when opening an e-mail from an unknown or untrustworthy source. As an e-mail and web user, beware of any suspicious e-mails, e-mail attachments, or unknown Internet locations. Blah, blah, blah…
So this second email effectively kills the test.
I went up front and asked our new IT guy Matt why. He of course recognized the phish for what it was and he had a few people ask him if it was real or not. And he had a couple people ask him if he was going to send the warning email like John Smith used to, but he couldn’t because he had emailed the Help Desk in Florham Park to ask if he should send out that boilerplate email, but was told no. So I asked him why did one finally come out. His answer was probably one of the Division IT Directors or maybe the VP of IT got tired of answering the “Is it real” question and ordered it sent.
I asked Matt do they ever get the results and he said no, but you can bet if enough people clicked on the link we’d hear about it in some form of company-wide email phishing recognition training.
Started down, went up, still up.
Miata Top Transitions since 06/25/15: 166