HIGH PRIORITY
π« Ticket #4474
ClientβοΈ Pemberton & Quill, Attorneys at Law
Submitted byMs. Quill (Partner)
Assigned toMabel
TypeRemote β Security
Module16 β Security Strategies
ObjectiveCore 2 Β· 2.4 β Social engineering, threats & vulnerabilities
Subject: Suspicious email asking us to "confirm" our document-portal login
One of our paralegals received an urgent email this morning that appears to be from our
document-management provider. It says our account "will be suspended in 24 hours" unless we
click a link and re-enter our portal username and password to verify the account. The logo
looks right, but the sender address is a string of random characters and the link, when hovered,
points to a domain I don't recognize. Nobody has clicked it yet. Given the sensitive client files
we hold, I want to know exactly how to handle this. β A. Quill
β Ms. Quill
Mabel's note: "Lovely instincts on the firm's part β they hovered the link and didn't click. We reported the message, confirmed with the real provider that the account was perfectly fine, and turned on multi-factor authentication for the whole office. And Ms. Quill, dearβ¦ we really must talk about those sticky notes. I'll bring tea. β Mabel"