How many times must we repeat this? Never, ever, EVER open a phishy email. Or, worse yet, reply to one.
Thank goodness Tesla chief financial officer Jason Wheeler did not reply to a screwy email he received from the not-so-sly fox behind “email@example.com” on Aug. 3. Hmm, what tipped him off could’ve been the glaring lack of caps or the "4" for “for.” Or, hello, that lame email address. Either way, Wheeler, an ex-Googler and Harvard grad, knew better.
Per court documents, the email read:
why you so cautious w Q3/4 gm guidance on call? also what are your thoughts on disclosing M3 res#? Pros/cons from ir pov? what is your best guess as to where we actually come in on q3/4 deliverables. honest guess? no bs. thx 4 hard work prepping 4 today
Wheeler apparently did what we hope any dutiful employee would do with such a sketchy email: flagged it as suspect and put it in front of the right person within his company for further inspection.
The outcome of this incident is a lawsuit against Todd Katz, the email’s alleged sender and an executive at the oil pipeline services firm Quest Integrity. It’s pretty cut and dry. Tesla alleges Katz impersonated its founder and CEO Elon Musk. “No bs.”
The Palo Alto, Calif.-based electric car company claims Katz’s intent was to score intel about Tesla on the heels of its latest earnings announcement. Tesla seeks unspecified damages, along with financial compensation to cover legal fees and other costs associated with its inquiry into the suspicious email.
None of that surprises us. What does is that Tesla’s suit against Katz states that “firstname.lastname@example.org” is “similar [to one] that has been used by Musk.” Like, hopefully way back in 1993, because really, Elon? Yahoo? (It’s plausible. Tesla wasn’t even founded until 2003, though Musk has often spoken of his company’s namesake inspiration.)
Whatever the case, let this alleged Musk imposter phishing email mess serve as reason number 5,736 to be extra vigilant when scanning your inbox. If you do open a suspicious email -- but you wouldn’t do that, right? -- do not reply to it and be a champ and inform the appropriate individual within your company immediately.
Another smart cybersecurity move is to set your email client preferences to show the full address of the sender, Brett McDowell told Entrepreneur. The senior manager of customer security initiatives at PayPal and a board member at the National Cyber Security Alliance also advises employees to use unique passwords for all business-related accounts online and across your company's information systems. Same goes for your personal accounts online, email, social media or otherwise.
Once again, at the risk of sounding like a nagging mother, allow us to again gently remind you that your passwords should be airtight. That is, they should include combinations of upper and lowercase letters, numbers and symbols and should be changed every two weeks or so. Also, never lazily use the same password for different logins and never leave your passwords written down near your computer. Maybe stash your passwords in a pill?
While you’re busy being extra super careful with your passwords and your squeaky clean inbox hygiene, also mind your outbox security manners. Be extra vigilant with what you write in your emails and what you send to whom.After all, emails -- and instant messages and texts -- leave a tidy, everlasting digital trail of crumbs that aren’t hard to follow. They can even stand up in court. Just ask Hillary Clinton.