FeneTech: A Phishing Story—Part I

Date: 26 October 2020
  • AJ Piscitelli, PMP - Project Manager | ERP Solutions Provider | Cloud Architect
  • FeneTech, Inc.

What is phishing, and how do you know when you may be the victim of it? AJ Piscitelli, PMP gives a real-life example in his most recent blog post. Stay tuned for more real-life examples!

As we head towards the end of National Cybersecurity Awareness Month, I thought I’d discuss what I consider one of the most dangerous cyber threats today: Phishing. Phishing is when attackers try to steal personal information from you by pretending to be someone else, using fake surveys, or employing other forms of social engineering. It is the most successful strategy that attackers use to gain access to your network. Attackers are getting more and more sneaky and creating more ingenious traps to capture your credentials and personal information.

We hear about phishing all the time, but what is not often discussed is a real example of an attack. Fortunately, I connect and talk with many IT experts, and I often hear about their actual experiences with attacks. I think it is important to share these with others to help spread the knowledge around. If you would like to discuss some of your stories, please let me know!

This story will discuss one case of phishing (with names changed, of course), the impact that occurred, as well as the mitigation steps taken after the fact. This story is from an IT vendor at a small contracting firm called “ABC Contractors.” This is what I would consider a very mild attack. While it is not the most exciting of stories, it is a true story and does a good job of highlighting how easily an attack can occur.

Lastly, if actual examples like this are of interest to you, please like and let me know in the comments below. It helps me determine what content is of interest to you.


In the morning, I received an email from the president of one of my clients. “Is this legit?” It’s not unusual for me to get these emails occasionally. I don’t mind seeing these emails, as I’d rather be safe than sorry. I get so many emails though that sometimes I don’t see them for a few hours. I worry that the damage might already be done. I examined the email forwarded to me. It’s from Jerry Cruz. I look at the link, and it is pointing to a OneNote document. I’m not intimately involved with the inner workings of this customer, so I’m not familiar with Jerry or his company. Before I click on the link, I do some digging.



I check the email headers: it passed all of the spam checks, and the SPF and DKIM records appear OK (I’ll cover SPF and DKIM in a later blog post, but know that they are part of a system used to combat email spam and spoofing). The address isn’t spoofed or a mistyped domain, either. I look into the domain and the company to make sure they are legitimate. Everything looks OK about the company, but the OneNote link sets off a red flag. I follow up with the president to ask how well he knows the company, and whether they have worked with this person before. He confirms that they have worked with them on numerous occasions, including Jerry, as he is their account rep.

The company in question does bonds for large construction projects. We’ll call them XYZ Surety. Now a lot of these financial companies use third-party products like DocuSign and others to process legal documentation. But it just doesn’t feel right, and I’ve learned to trust my gut over the years.

I load up a secured Linux computer to do some investigation. A secured Linux machine can provide some level of protection over a standard Windows instance, but it’s not 100%. So I take some extra precautions by isolating on the network and sending all of the traffic through a VPN. Paranoid? Yes. But they are indeed out to get us after all!

I know clicking on the link at a minimum may, and often does, let the attackers know that the email address is real. However, if what I suspect is true, they already know it’s real. I click on the link inside my secured environment to see what is waiting for me.

The browser loads up a OneNote document with yet another link inside. This one is a link claiming to be a DocuSign page. Looking at the link, it points to something within Google Cloud’s offering. Let me emphasize this, not Google, Google Cloud. Anybody can run anything on Google Cloud (at least for a while before they catch you violating their Terms of Service). I’m sure at this point it’s an attack. They put in a lot of work to avoid detection. I send an email back to the president at ABC: “Don’t click on it. Scam.”
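The two checks in this part of the story, sender authentication and where a branded link really points, can be scripted. The following is an added example, not code from the author or data from the incident: the header, the note HTML, every host name and the brand and hosting lists are constructed placeholders or assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed, illustrative lists; maintain your own for the brands your users see.
BRAND_DOMAINS = {"docusign": ("docusign.com", "docusign.net")}
SHARED_HOSTING = ("appspot.com", "web.app", "firebaseapp.com", "storage.googleapis.com")

# Constructed samples: hosts and addresses are placeholders, not incident data.
AUTH_HEADER = ("mx.abc.example; spf=pass smtp.mailfrom=xyz.example; "
               "dkim=pass header.d=xyz.example")
NOTE_HTML = ('<p>Bond paperwork: <a href="https://placeholder-app.appspot.com/s">'
             'Review in DocuSign</a></p>'
             '<p><a href="https://www.docusign.com/">About DocuSign</a></p>')

def auth_verdicts(header):
    """Extract spf/dkim/dmarc results from an Authentication-Results value."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()))

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def label_host_mismatches(html):
    """Flag links whose visible text names a brand but whose host is not that brand's."""
    findings = []
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        for brand, domains in BRAND_DOMAINS.items():
            if brand in text.lower() and not under(host, domains):
                findings.append({"brand": brand, "host": host,
                                 "shared_hosting": under(host, SHARED_HOSTING)})
    return findings

def triage(auth_header, html):
    """Sender authentication and link checks are independent signals; report both."""
    auth = auth_verdicts(auth_header)
    links = label_host_mismatches(html)
    return {"auth_pass": bool(auth) and all(v == "pass" for v in auth.values()),
            "flagged": links}

if __name__ == "__main__":
    print(triage(AUTH_HEADER, NOTE_HTML))
```

On the constructed sample the message authenticates cleanly and the link is still flagged, which is the combination to expect when mail is sent from a genuinely compromised account.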

Now I could have stopped there, but I wanted to find out what they were after. I loaded up a website that previews other websites for safety. Again, I know this lets the attackers know that the email is held by a living, breathing human, but I also know they already know that. My request yields an image of what would have been presented to me: a fake Microsoft Office login page. This page was created to capture username and password combinations. This was phishing. I report the Google Apps server to Google for scamming for them to address.

Looking back at the OneNote, I see that it does indeed belong to XYZ’s Jerry Cruz. This is particularly alarming, as it confirms the worst-case scenario: The attackers have full access to Jerry Cruz’s Microsoft account. They can see all emails, including past emails, any OneDrive documents, any SharePoint documents, etc. What is particularly concerning is that XYZ deals a lot with financials, project plans, and other highly confidential information. ABC’s confidential information is now exposed by XYZ, all because Jerry Cruz’s account was compromised.


As an IT consultant, I like to call the company and discuss the attack with their IT personnel. I feel that we should strive to make each other safe and help where possible, even if it is a competitor. In the end, we are all just trying to keep our users safe.

I called XYZ Surety’s main number and reached the receptionist, Sally.

Me: Hello, I’m the IT guy for ABC Contracting, one of your customers. Can I speak with someone in your IT department?

Sally: What is this regarding?

Me: One of your employees has had a breach, and I’d …

Sally: We already know about it.

Me: OK. Umm, I’d still like to discuss with them the details of the attack so that …

Sally: They are handling it.

Me: OK … Thanks ….

It is not the response that I like to see, but at least I know that they are aware of it. I let the President of ABC know the details and the impacts of what was exposed and leave it up to him how he wants to address this with XYZ Surety. I feel like I have done good work today. In the end, my users are protected, Google will address the phishing site, and the person who was attacked is already in remediation within his company.

Or so I thought …

I hope you liked the first part of this story. Make sure you subscribe to my posts, as I’ll release the conclusion of this story, including how to protect yourself against these attacks, next week. Again, if you like these types of stories, let me know in the comments below.
