This morning, before my coffee even had time to cool down, I received a dramatic message in my inbox:
“Hello Lora, I am currently entering a closed-door meeting. I need you to complete a short but urgent task. Please reply with your WhatsApp number and wait for my message. Thank you. Sincerely, Download Outlook for iOS.”
I looked at the sender - bambiiectoyherve@gmail.com. At first I stopped - I didn't know the email, but the message was signed as if it came from the director. There is no specific task in the message, but there is urgency, a formal tone and a suggestion to transfer the conversation to WhatsApp, a private channel.
And then the red flags start.
Red flag 1 - Gmail? Our director has an official address.
Although he is only human at times, bambiiectoyherve@gmail.com is definitely not his 'alternate self'.
Red flag 2 - WhatsApp? No way. We use private chat, email and sometimes the official phone. WhatsApp is a no-no, especially for 'urgent tasks'.
Red flag 3 - Outlook for iOS? We do not use Outlook. And no, no one "downloaded the application" at the end of the email - except maybe the author, who forgot to delete the automatic signature from the fake template.
Red flag 4 - The director is on vacation. And if your boss writes in the middle of a vacation, urgently asks for a cell phone number, and does it from Gmail... congratulations - you have a phishing attack.
What is a phishing attack and why does it work?
Phishing is impersonation with the aim of stealing identity, money or data. Attackers often pretend to be authorities (bosses, banks and the like) and play on panic and speed. In business environments, the most common form is the so-called CEO fraud: the message seems to come from a director who "doesn't have time" but urgently needs someone to buy him something or send him a number. And that's where many give in, because when the boss calls, you don't ask - you work. And the attackers know that very well.
Mini test: Can you recognize phishing? Answer honestly – would you click?
- Is the sender from a private address?
- Is he asking you to do something right away?
- Is he not using your usual communication channel?
- Is the message without concrete content, but with a lot of formality?
- Does it end with a strange signature, link or “Download Outlook for iOS”?
If you nodded at least twice – welcome to the club. We've all almost clicked at some point.
How to protect yourself?
- Check the sender. Literally – letter by letter.
- Stop before you answer.
- Anything that is "urgent" may be suspicious.
- Don't go to private channels. WhatsApp is not an official tool.
- Check with your colleagues. If the director "wrote" to you, he might have written to others as well.
- Report it to IT. Not because you fell for the joke, but to protect everyone.
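The red flags and the mini test above can also be checked automatically before a message reaches anyone's inbox. The sketch below is an added example, not part of the original post; the organisation domain `example.org`, the free-mail list, the keyword patterns and the flag names are all assumptions to adapt.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for this sketch; adjust to your organisation.
ORG_DOMAIN = "example.org"  # hypothetical official mail domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap)\b", re.I)
OFF_CHANNEL = re.compile(r"\b(whatsapp|telegram|viber)\b", re.I)
# Auto-signature of a mail client the organisation does not use.
FOREIGN_SIGNATURE = re.compile(r"download outlook for (ios|android)", re.I)


def red_flags(raw_message: str) -> list[str]:
    """Return the names of the red flags found in one raw e-mail."""
    msg = message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"

    flags = []
    if domain in FREEMAIL:
        flags.append("freemail_sender")
    elif domain != ORG_DOMAIN:
        flags.append("external_sender")
    if URGENCY.search(text):
        flags.append("urgency")
    if OFF_CHANNEL.search(text):
        flags.append("off_channel_request")
    if FOREIGN_SIGNATURE.search(text):
        flags.append("foreign_client_signature")
    return flags


# Constructed samples: the first uses the body and sender address quoted in
# the post; display names, recipients and subjects are invented.
PHISH = """From: Director <bambiiectoyherve@gmail.com>
To: lora@example.org
Subject: Quick task

Hello Lora, I am currently entering a closed-door meeting. I need you to complete a short but urgent task. Please reply with your WhatsApp number and wait for my message. Thank you. Sincerely, Download Outlook for iOS.
"""
BENIGN = """From: Director <director@example.org>
To: lora@example.org
Subject: Thursday agenda

The agenda for Thursday is in the shared folder.
"""

if __name__ == "__main__":
    print(red_flags(PHISH), red_flags(BENIGN))
```

As in the mini test, two or more flags on one message is a reasonable threshold for routing it to IT for review rather than delivering it silently.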
Conclusion
Email and phone scams are becoming more sophisticated, but they still rely on the same tricks: creating panic and pushing you to react quickly without thinking. Be careful, be informed, and always check before you click. Share this story with a colleague who “just clicks to see what it is.” Because maybe next time it won’t be bambiiectoyherve@gmail.com, but something more convincing. And persuasion is cheap these days.

