My Close Shave With a Hacker that Could Have Ended in Disaster

March 22nd, 2017 - Category - Cyber Security

The reason I’m sharing this story with you is to drive home the fact that anyone can fall for the methods that cyber criminals use to gain access to your company accounts.

Luckily, I realised in time what was happening, and quickly stopped. If I had carried on, the consequences could have been disastrous.

How I Almost Gave a Hacker my Email Password

I had been working from home, and instead of using the Outlook application on my PC, I signed into my email account through Microsoft’s online web access.

When I got into the office, I had an email asking me to review unexpected account activity. The email appeared to be sent from a Microsoft domain, and it looked just like other emails I have received from Microsoft, complete with their corporate branding.

Not actually reading it thoroughly, I hastily clicked on the blue button to inform them I recognised the account activity. I was hoping to prevent any future problems signing in, and also to ensure I did not get any more emails like this in the future.

When I clicked on the button in the email I was taken to what looked like the Microsoft log-in page. It was asking me for my email address and password.

[Image: Fake e-mail login page]

Thankfully, this raised a big red flag to me, so I left the page and inspected the “Microsoft” email more closely. It wasn’t from Microsoft. There were a few other subtle red flags that I would have noticed if I hadn’t been so hasty.

I told the rest of the office what had happened, and even though I’m not an IT engineer, anyone working for an IT company (even in marketing) should have known better. I quickly became a point of ridicule for my foolishness. Thankfully no harm was done because I didn’t enter my login details on the page I was taken to.
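The closer inspection described above, comparing who an email claims to be with the domain it was sent from and the host its button leads to, can be scripted. The following is an added example, not part of the original article; the sample message, every domain in it and the trusted-domain list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains your organisation accepts as genuinely Microsoft-operated.
TRUSTED = {"microsoft.com", "live.com", "office.com", "microsoftonline.com"}

# Constructed sample message, not the email from the article.
SAMPLE = """\
From: Microsoft account team <account-security@micros0ft-alerts.example>
Reply-To: support@mailbox-verify.example
Subject: Review unexpected account activity
Content-Type: text/html; charset="utf-8"

<p>We detected unusual sign-in activity.</p>
<a href="https://login.microsoftonline.com.account-review.example/signin">Review activity</a>
<a href="https://account.microsoft.com/privacy">Privacy</a>
"""

def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def red_flags(raw, brand="microsoft"):
    """Return a list of mismatches between the claimed brand and the real origins."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if brand in name.lower() and not is_trusted(from_domain):
        flags.append(f"display name claims {brand}, sender domain is {from_domain}")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To goes to a different domain: {reply_domain}")
    # Collect every text part so multipart messages are covered too.
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    for url in re.findall(r'href="([^"]+)"', body, re.I):
        host = urlparse(url).hostname
        if not is_trusted(host):
            flags.append(f"link leads to untrusted host: {host}")
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A From domain that passes this check can still be forged, so this complements SPF, DKIM and DMARC enforcement at the mail gateway rather than replacing it.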

It’s Scary What a Hacker Can Do With Access to Your Email

Once you’ve given a cyber criminal your email address and password, the potential consequences are severe and far-reaching.

A cyber criminal with access to your email account could:

  • Get into any other account you have by resetting the password using the “forgot password” link with your email address.
  • Send emails to your colleagues or clients.
  • Instruct people to transfer money.
  • Go through your old emails and find sensitive data in attachments you’ve sent, or that’s been sent to you.
  • Access your file sharing system and go through all of your company’s data, even copying it all, deleting it, or holding it to ransom.
  • Access your file storage and upload ransomware, encrypting everything.

Cyber Criminals Only Need to Get Lucky Once

I regularly write articles about cyber security to educate our clients. We partner with KnowBe4, which provides Security Awareness Training and sends out safe phishing emails for training purposes. I have experience with these emails – yet I still fell for this one.

If I can fall for one of these emails, then there’s quite a good chance at least one of your employees will be caught out by similar tricks at some point.

Cyber criminals are now far more sophisticated than they used to be. They send emails that look exactly like the real thing, and use very convincing webpages designed to get you to put in your log-in details.

It almost worked with me because they stumbled upon the right formula at the right time (an email requesting me to review activity sent just after I happened to use that service in a different manner to my usual).

The cyber criminals only have to get lucky once. You have to be on your guard every single time they send you an email.

How to Ensure You Don’t Give a Hacker Your Password

There are several things you can do to prevent yourself or your employees from falling for these sophisticated phishing attacks.

Stay Cyber-Secure

Download our IT Security Policy here and use it as a checklist.

Alternatively, you can chat to one of our trusted advisers on 02036 574 489 or fill in a contact form here.



About Mit Patel

Mit - Managing Director. In 2002, Mit founded Netstar. He has helped grow Netstar to become an indispensable partner to some of London’s finest businesses, including well known names in the Financial Services industry. Mit works across all aspects of the business including strategic planning and key account management. Mit is focused on ensuring the delivery of a high quality service, and providing strategic value to help our customers overcome their business challenges.