It happened one day out of the blue in mid-October. I received a notification that a trip was added to my personal Google calendar ï¿½ destination: Cebu, Philippines. What? Did I just fall victim to a cyberattack?
I logged into my personal Gmail account and found an email with the travel itinerary. I started to panic, and thoughts of despair began to creep into my mind. How could I have booked a trip to the Philippines when I donï¿½t even have a passport?
A Phishing Attack or a False Alarm?
I stared at my screen for a few moments trying to figure out what to do. I took a breath and thought back on all the discussions I had with my mentor about email security best practices and what to do in this scenario.
I started with the obvious things. I checked my credit cards and, to my relief, there was no charge for a trip. Then I checked the Have I Been Pwned database and didnï¿½t find anything out of the ordinary. However, to be safe, I immediately changed my password.
I went back to the itinerary email and started reading through to make sure this wasnï¿½t a phishing attempt. Rather than click on any of the hyperlinks in the email, I did a search to see if the travel site was legitimate. The site was legit, but I didnï¿½t find anything to prove that it wasnï¿½t a phishing email.
At the bottom of the email, I found two links in the fine print and sta ..