A couple of weeks ago, I received an email inviting me to a black tie event put on by "the site management team". I didn't recognise the name and assumed it was meant for a different division. When I pointed it out to one of my colleagues, they said that they had not received that email.
That is when we looked closer. The email was sent on a Friday and stated that the form needed to be filled in by midday the following Monday. The email was addressed from someone who was not in the corporate address book. The form that was linked to was not one on our intranet1.
I reported the link as a phishing attempt and made some enquires. We are fairly sure that this was a trial to see what different employees did when receiving a suspicious email2.
One of my other colleagues said that they could have come up with a better ruse. "The Management" offering a free night out ought to make anyone suspicious.
- Though it was difficult to tell because proofpoint had altered the url to redirect to their servers first ↩
- For this reason, I didn't post about it immediately ↩