How We Responded To A Real-Life Phishing Scam

Phishing emails often pose as messages from your bank or employer, pushing you to click a link or download a file. But what if the scammer isn’t just in your inbox, but someone you’ve met in person?

That’s exactly what happened in a recent case that got the PKF Infuse team talking.

How This Attack Began

One of our users met someone at a trade event. They had a friendly chat, swapped names, and moved on. Nothing unusual there. 

A few days later, the phishing email arrived. It appeared to come from the same person and even referenced their conversation. So far, so believable.

The email included a link to some files and asked the user to log in using their domain username and password. 

Spotting the Red Flags

Fortunately, the user paused. Something about the email felt unusual, perhaps the tone or the unexpected request for login details. 

Instead of clicking, they contacted the helpdesk. The email was a phishing attempt. The link led to a fake login page designed to steal credentials. If the user had entered their details, it could have opened the door to ransomware or worse.

What Makes This Attack Different

Phishing scams are not new, but this case stood out because it began with a real-world interaction. 

This is a classic case of social engineering: manipulating people into giving up sensitive information. What makes it stand out is the physical element. The attacker used a face-to-face meeting to build trust before launching the digital part of the scam. 

Here is why this approach is so effective: 

  • It feels genuine because meeting someone in person builds trust 
  • It lowers defences because you are less likely to question an email from someone you have met 
  • It dodges filters because spam filters will not catch this kind of attack 

Steps to Protect Your Business

This phishing scam had a positive outcome because the user trusted their instincts and asked for help. Here is how you can do the same: 

  • Be cautious with new contacts, even if you have met them in person 
  • Never enter your credentials unless you are certain the site is legitimate 
  • Watch for subtle red flags like unusual wording or unexpected requests 
  • Report anything suspicious to your IT or security team 
  • Share stories like this to help raise awareness across your team 

Stay Alert, Stay Secure

This is the first time we have seen a phishing attack that started with a handshake and ended with a fake login page. It is a reminder that cyber threats are evolving and so must our awareness. 

At PKF Infuse, we believe that staying informed is your best defence. If something does not feel right, speak up. You might just stop an attack before it starts. 
