Would your cyber-security have saved you from this hack attempt?

by | Oct 2, 2023 | News, Security

This is a real and very clever ‘spear-phishing’ attempt that one of our legal clients in Auckland received today.

Would you have opened it?  Would your IT have protected you?

To: Me

From : new customer


My Husband and I are looking to buy a property (First-time buyer).

We have agreed on a price with the buyer but need a solicitor to see us through the process of exchange and closing.

We were referred to you, hence we decided to send you a message.

Kindly contact us by return email.

Best Regards,


Would you have opened it?  Would your IT have protected you?

They are a busy lawyer, and this email looks sufficiently legitimate that, understandably, they opened it.

“Spear-phishing” (also known as ‘whaling’) – is the art of carefully writing a fake email to target specific users.

In this case, the subsequent follow up email included a malicious file.   It was so well written that it got past the email filters, and past the 365 protections. 

But security is all about layers, and in this case, it got caught at the device.   The ‘zero trust’ approach worked.  In line with our Kinetics technical standards, the user only had limited ‘UAC’ (user access control) and that defeated the malware.   

It stands out to me that it also even got past the anti-virus!

This is a perfect example of why anti-virus isn’t good enough anymore.  We tested with EDR, the EDR caught it immediately.

It is why we are retiring our old KARE support plans and replacing them with new ones.  We know these new plans have more protections in them, and therefore cost more, but unfortunately that is what we now need.  We are continually reviewing our plans to make sure they are relevant and appropriate.

Cyber-security is all about layers, and we need more protective layers now than ever before.

(postscript – the smart email filters updated quickly and were correctly blocking it later in the day – but that wouldn’t have been soon enough. 

Thankfully our KARE configuration worked and blocked it successfully first time!)