You're safe this time, but you got lucky!

You should not have clicked that link. Here's why:

Fortunately for you, this was a harmless test we conducted on behalf of your employer to help educate you on the dos and don’ts regarding suspicious emails.

This email was not sent from someone you know. It was a fake phishing example to show you how easy it is to innocently fall victim to a bad actor trying to get access to sensitive information such as financial info, customer or patient info, corporate info, usernames and passwords, etc. Unfortunately....


Of security attacks target small business.


Of these cyber attacks are phishing scams that happen just like what you experienced now.


Of hacked SMBs go out of business in six months.

How can you detect phishing scams in the future?

Always double check emails from people you know, especially if the message is requesting you to do something quickly without much supporting information. Call or check in with the person via another method than replying back to the email you received as you will likely end up communicating with the bad actor who is trying to phish you! Whatever means you use, make sure you are 100% confident that the message came from the correct person before sharing any sensitive information.

Go back to the email you received that lead you here as an example. See if you can spot where it looked fake. Scammers can spoof the from name and from address in an email, but they cannot spoof the mailed by attribute. For example, if you're using Gmail, you might see "via cmail19.com" next to the name of the sender (see below).

Gmail mailed by attribute example

What's the worst that could have happened?

Opening an email is mostly harmless, but clicking a link to a webpage allows scripts and code to run on your device. This malicious code can infect your device as well as other devices you connect to and capture sensitive information without you knowing!

Don't fall victim to phishing scams!