Fuscoe Engineering and the perfect phishing attack

I don’t think I’m going too far out on a limb if I say that most folks reading this blog are IT pros responsible for cybersecurity. So, when I tell you about one of your peers who was delighted by a phishing attack that landed in his users’ inboxes, I’ll understand if you’re skeptical.

After all, under normal circumstances, that’s a moment of peak danger. As long as those emails are sitting there, there’s always a risk that one of your users will click unwisely, potentially leading to a ransomware attack, a data breach, or worse.

And yet, for Jared Ricard, Systems Administrator at Fuscoe Engineering, the attack was a boon — almost as though the attackers had been trying to help him do his job.

The importance of effective training

Every year, Ricard invites the firm’s entire staff of 170 to an all-hands meeting where he talks about the importance of cybersecurity awareness. And most years, the turnout is disappointing. He presents a wealth of information about how to spot phishing emails, what to do when you do see one, and the potential risks such attacks represent for the firm, its clients, and its business partners.

But the engineers in his firm are mostly focused on racking up billable hours, so he worries that even those who attend his security meetings may not really be focusing on the information he’s sharing — or retaining it for very long after the presentation.

So, when one of these meetings had about 95% of the company’s staff in attendance, Ricard was pleasantly surprised. He suspects it was because they knew the firm had recently deployed Barracuda Email Protection and were interested in learning about how it would help keep them secure.

Ricard went through his presentation, with added info about the new email security solution — including the Outlook Add-in that lets users report a suspicious email by clicking a single button that Barracuda Email Protection adds to the Outlook interface.

“But,” he says, “I worried, as usual, about how much they were going to absorb and retain — especially since it could be weeks before they actually see an email that might be malicious.”

Perfect timing

Ricard needn’t have worried. A phishing attack landed in a large number of users’ inboxes the very next day.

“What I’d told them was still fresh in their minds, so a lot of people noticed the signs that something was off about the email,” says Ricard. “And they used the button to report it — just as they’d been trained to do. It’s almost as though the criminals had set out to reinforce my training and make sure our employees remembered it!”

It’s not often that a phishing attack results directly in better security and reduced risk, but in this case that’s exactly what happened.

Get the full story

There’s a lot more to the story of how Ricard and his team secured Fuscoe’s email and data in Microsoft 365 with Barracuda Email Protection and Cloud-to-Cloud Backup — including how they were able to fully remediate the attack and delete every instance of it in about 4 minutes, thanks to automated incident-response capabilities.

Check out the complete case study to get all the details — and to see how you too could someday find yourself welcoming a phishing attack.