I got phished by my boss

December 14, 2021
Rebecca LaChance
a screenshot of an email from Dan Sutherland to Rebecca LaChance. It reads " Hi , Rebecca/ Good Morning to you,Let me know if you're free, I need you to go an errand for me, am available via e-mail/ Thanks."

STORY TIME: I got phished by my boss.

No, seriously.

Hi everyone, Rebecca here. I'm Social Media Manager at Self and a couple weeks back something so bonkers ACTUALLY happened that I had to write this blog for your enjoyment.

As a reminder, Self's ultimate aim is to make every interaction we have online safer & stress-free by ensuring that the person you’re communicating with is actually who they say they are. Our entire business model is about proving who you are to the people you communicate with. My boss here at Self is Dan Sutherland, CEO and co-founder.

Last week I got an email from a Dan Sutherland, requesting that I run an errand for him (see screenshot above).

Now, I don’t usually run errands for Dan, nor do I often receive emails from him at 6:30am, so I sent him a message on Self to say I’d had a suspicious email from someone claiming to be him. He confirmed that it was indeed not him on the other end, & from there the fun began…

a screenshot of an email chain between "Dan Sutherland" and Rebecca LaChance, the latest email from Dan reads "Actually what I need is 1000POUNDS worth of iTunes Gift card (500POUNDS or 100POUNDS denomination),scratch the card and e-Mail me a picture of the card. /However, you will get the full refund before the end of the day./ P.S. Make sure they are all activated./ Can you get the task done in 10-20 mins time?"

I have a hard time imagining a person who would believe that anyone in their life would require £1000 worth of iTunes gift cards within a 20 minute window. But this guy, NotDan Sutherland, was convinced that I would buy it, and I couldn’t let him down!

a screenshot of emails, Rebecca's last says "Gee, sounds important. Should I go buy those right away? How will you pay me back?"

This, I think, was a bit of a turning point for NotDan. He’s got me! ‘Another sucker born every minute’ and all that. See how he effortlessly skirts my query about that refund?

screenshot of email chain. Dan's latest response says "OK Good I would have loved to call but I am currently in a conference now and I just need you to get this done as it is very urgent, I will call you as soon as I am done ,thanks"

A conference! Of course! But what’s great about NotDan is that now he thinks he’s got me, he pays a lot less attention to what I’m saying. 

email screenshot, Rebecca's latest response reads "OMG I completely forgot you had that Phishing Conference today! Now I know why you need all those gift cards. I'll leave my house immediately and send them to you ASAP!"

But my clever quip didn’t even have him batting an eye. NotDan’s too excited about the fact I’m on my way to get those essential iTunes gift cards, and he starts to really put on the pressure. I decide to see if I can appeal to his humanity, reminding him that tomorrow my rent is due!

screenshot of email exchange. Dan's response says "Yes ,kindly please go and get it done now as its very urgent ,However, you will get the full refund before the end of the day. thanks" Rebecca's says, "Ok great and remind me how you'll give me that refund again?/ Remember I don't have a lot of money and I have to pay rent tomorrow"

But NotDan DGAF about my rent, does he? He does not.

screenshot of email exchange. Dan's latest response reads "Okay good ,thanks/Can you get the task done within 10-15 mins time?" Rebecca's latest response reads "Dan it feels like you're ignoring my questions?"

This is where the thread really starts to unravel. I grow more suspicious, and also more silly.

email thread screenshot. Rebecca's latest response reads "I don't know if I can trust you now, Dan. I just spent all my rent money on iTunes gift cards but I don't know if you will really pay me back. / Do you think my landlord accepts iTunes gift cards?"

email screenshots. Dan's latest response reads "Am not ignoring your question ,i will refund the money back to you before the end of the day ,thanks" Rebecca's latest response reads "I have a sneaking suspicion you might not really be Dan.../ Tell me something ONLY DAN would know"

It’s clear to me for many reasons that NotDan is no expert phisher, but in this next screenshot you can really see him getting desperate.

screenshot of emails. Dan's latest emails read, "I will refund it before the end of the day ,trust me please its very urgent ,thanks" then text that was copy/pasted from an earlier email now in different formatting with lighter text "I am currently in a conference now and I just need you to get this done as it is very urgent, " and "Don't be suspicious its me DAN ,kindly please get it done now ,thanks"

I mean, he didn’t even type it again in that middle message. Just literally copy/pasted what he’d written a few emails earlier. At least put some EFFORT in, NotDan! 

a close up screenshot of one email from Dan reading "Don't be suspicious its me DAN ,kindly please get it done now ,thanks"

And I can’t actually respond to this one except to say: 

a super zoomed screenshot of text reading "its me DAN"

Reader: it was not.

So, NotDan, if you’re out there and this finds you… maybe, just maybe don’t choose the CEO of a privacy-centred tech company building the future of trust as your next phishing scam impersonation? And buy your own damn iTunes gift cards!

