The day I fell for a Phishing Email
Andy Poulton here, your Chief SEO officer and the person who frequently writes about the need to be aware of scams arriving by email and the need to keep your passwords complex and not duplicated.
Well, guess what? I just fell for a Phishing email. And it serves to indicate that you can’t let your guard down for a single minute – because that’s what I did.
Background to the scam
I have a couple of domain names of my own and a number of clients whose websites and domain names are hosted by One.com. I knew 2 domains were up for renewal in October 2023, I’d had reminders and even received invoices for the renewal but had yet to pay the bills.
It was the last full week of the month and I needed to get around to it. So, on Wednesday 25th I was working on a project, mentally creating a to-do list and thinking about other tasks that needed completing too – so I think all of my mental capacity was in use.
Then, this dropped in my inbox. Yes, looking at it in hindsight shows how flawed it is but, with minimal spare mental capacity, I just thought “heck, let’s just get it done and dusted” and without paying any attention to anything in the email, quite the opposite of the advice I regularly hand out, I clicked the “Pay your invoice” link.
I landed on a familiar looking page and paid no attention to anything bar the credit/debit card details boxes. I filled them in with genuine information and clicked “Submit”.
The page cleared and I was left staring at the “buffering” spinny wheel of death for much longer than I should have been (probably no more than 20 seconds), and it was at this stage that my intelligence finally kicked in.
I went back and read the email. Of course, it wasn’t from One.com.
I took a fresh look at the payment page, realised the error (stupidity) of my ways and panicked.
My vision saw my card details being sent to a lovely bunch of scammers who, with the Fullz (pretty much everything they needed) were rubbing their hands in glee that another fool had fallen for their tricks and were opening up the online stores, ready to go on a spending spree.
I opened my business banking app, saw that nothing had yet been taken and phoned my bank from within the app. My call was answered quickly and I was put through to the Fraud Department. I explained how stupid I had been, asked for my card to be cancelled, and requested a replacement, which arrived just 2 days later.
I then conducted 2 complete virus and malware scans of my PC using 2 different anti-virus applications just to make sure that nothing nasty had been downloaded.
I also checked my account at least twice a day (and I still am – just in case). It seems I have had a lucky escape. Nothing has been spent on my account.
So, this is a warning. No matter how much pressure you may be under, please check carefully every time you respond to an email demand for payment.
Be careful out there.
And if you need help with your Digital Marketing, SEO, Email Marketing, Social Media, etc., don’t hesitate to get in touch. I won’t spam you and I certainly won’t share your details with spammers and the like.