Email from Amazon Web Services in a mobile inbox, potentially hiding a passive attack.

I Fell for a Phishing Scam

I just fell for a phishing email.

Yep, the guy who builds services to protect clients from phishing emails was tricked by a phishing email!

Now, I didn’t click on anything or give up confidential information but I did think a phishing email was a real email and forwarded it over to my staff to take a look at.  It was embarrassing when my CTO pointed out that this was clearly a phishing email.

Email from Amazon Web Services in a mobile inbox, potentially hiding a passive attack.

A technical support email interface illustrating how to spot common passive threats. A phishing alert interface showing how to prevent a breach cyber security. Here’s how it happened:

    1. I was in the middle of dinner (along with a glass of wine) and checked my email on my iPhone (the first mistake was interrupting dinner to check my email but that goes along with the joys of being a CEO).

 

    1. I wanted to quickly swipe through my email and get back to dinner and conversation with my wife. I saw an email for Amazon Web Services (AWS) – which is our hosting platform for our SasS cybersecurity services.

 

    1. It looked like an email from Amazon Web Services and usually, I am copied on these types of emails. This is not out of the ordinary and I just assumed we were working on a technical issue that this email was in reference to.  I opened the email.

 

    1. I looked at the email and saw that whatever issue we had seemed to be resolved. I couldn’t figure out what the issue was so I forwarded it over to our CTO and Sr. Systems Engineer to take a look at it.  I put down my phone, took another sip of wine, and got back to dinner.

 

    1. My CTO easily spotted that this was a phishing scam and was nice enough to respond to my email and let me know.

 

    1. At that point, I knew that I had fallen for a phishing email because I believed it to be legitimate. Luckily, my CTO spotted the email and didn’t click on any of the links.

 

    1. Feeling a little embarrassed I decided to run it through our Catch Phish Outlook Email Analysis Tool. Sure enough, Catch Phish told me that this was clearly a phishing email.  1) The language in the email came back as “Likely” to be a phishing email.  2) The sending domain was different from the rest of the links in the email – a clear sign that this was a phishing email. 3) The country that the email was sent from was Iran, clearly not our US-based AWS services.

 

    1. To my defense, on my iPhone, the actual sending email domain was not visible. It appeared to be a legitimate email for Amazon Web Services.  We have received many emails from AWS so I was not phased or put on alarm by receiving this email.  On my desktop (which I checked afterward), it was much clearer that this email did not come from AWS.

Warning for domain mismatch to help prevent a breach cyber security in phishing emails.

Key takeaways:

      • Anyone can be tricked into falling for a phishing email. Given the right time and the right email message, anyone can overlook a phishing email.

     

      • Humans make mistakes (even the guy who posts about phishing all day long). Humans have preconceived notions (in this case – this is an email from AWS, something I believed was probably a support case that I was unaware of).

     

      • Phishing detection tools such as Catch Phish are absolutely needed. Catch Phish didn’t have a preconceived notion.  It saw that the domain was spoofed.  It saw that the email originated from Iran.  It analyzed the language (using artificial intelligence and machine learning) to point out that the email was not legitimate.

     

In conclusion, I am embarrassed that I was tricked.  I am happy that my CTO spotted the phishing email and no harm was done. I could’ve easily swept this under the rug but thought that this was a good story to share. Phishing is really dangerous!  Trained employees can fall for scams.  Untrained employees stand no chance at spotting fake emails.  Automated tools such as Catch Phish are absolutely needed to help spot phishing emails and protect employees.

badge w light burst white (1)
Exclusively for Our MSP Partners

Now Available: Gen AI Certification From BSN

Lead Strategic AI Conversations with Confidence

Breach Secure Now’s Generative AI Certification helps MSPs simplify the AI conversation, enabling clients to unlock the value of gen AI for their business, build trust, and drive growth – positioning you as a leader in the AI space.

More on blogs

Why Continuous Training Beats One-and-Done Cyber Awareness

Cyber threats evolve constantly, which means annual cybersecurity training is not enough to keep employees prepared. Learn how continuous training, phishing simulations, remediation, and short

The AI Boomerang Effect: Why Companies (and AI) Still Need Employees

The AI Boomerang trend is proving that AI does not eliminate the need for skilled employees. Instead, organizations need people who know how to use

From MSP to MIP: BSN’s Key Takeaways from Pax8 Beyond 2026

The BSN team returned from Pax8 Beyond 2026 with valuable insights on AI adoption, cybersecurity, compliance, and the industry's shift from Managed Service Providers to
Take the First Step

Experience Training That Makes a Difference

during the demo you’ll:

Take the First Step

Experience Training That Makes a Difference

During the demo you’ll:
situs toto toto toto togel sesetoto desa wisata pujon kidul 13 situs toto toto slot toto slot toto slot toto slot toto slot akuntoto slot gacor slot gacor toto togel toto slot toto slot toto slot toto togel situs toto situs toto https://www.timexplywoodanddoors.com/clients/ toto slot toto slot toto togel toto slot slot hoki99 toto slot gacor bwo303 bwo99 toto slot bwo99 toto slot situs togel toto slot toto slot toto slot online slot 4d bwo99 AMANAHTOTO AMANAHTOTO toto togel slot toto https://saint-mathieu.com/spcaroussillon/ slot 4d toto slot slot 4d toto slot toto slot togel slot situs indobet akuntoto slot toto slot 4d babeh188 situs toto agb99 toto toto slot toto slot 4d slot depo 10k situs toto toto togel situs toto toto slot toto togel toto slot toto slot toto situs toto toto slot 8kuda4d toto slot judi bola toto situs toto link slot situs toto situs toto toto toto slot situs toto slot toto toto togel situs toto eropa99 login logototo RTP toto slot leon188 situs toto 8kuda4d situs slot gacor situs toto situs toto situs toto ilmutoto panen100 mix parlay toto slot toto slot situs toto situs toto situs toto situs toto situs toto toto slot situs toto agen toto togel mawar800 situs toto situs toto titi4d titi4d rtp slot slot gacor pascol4d resmi slot gacor mataramtoto toto PASCOL4D Toto slot 5000 bobatoto ltdtoto sontogel akuntoto ketuatoto bejototo logototo amavi5d sesetoto kientoto ComfortbetGroup popo togel mataramtoto mataramtoto https://pawpaw4dnn.com/ Sukaspin slot https://webet188tiga.world/ sbobet88 sbobet88 rasa4d https://cookingpantry.com/ toto mataramtoto slot gacor slot gacor situs toto slot gacor slot semibola MAHKOTAWD VISI4D toto toto slot gacor