A creative swindler almost tricked me using perfectly tailored email messages. Or so it seemed. As a bit of background, I switched back to full-time work status just last January after a protracted illness and intense recovery. During my time as a part-time employee, I needed to fill out a timesheet every week, and QuinStreet uses payroll service provider ADP.
After I went back to full-time status, there was a delay in receiving my paycheck (and through no fault of QuinStreet or ADP). Once that cleared up, all seemed in order. Yet, around this time, I started getting messages claiming to be from ADP regarding problems with payment. It seemed odd, since HR worked with me to resolve things. Plus, the ADP emails "felt" vague and included odd, indecipherable links.
A quick Google search revealed that I had been a near-victim of a spear phishing attempt. While I don't think that the perpetrator knew about my circumstances, the cyber criminal community obviously knows how popular ADP is in the corporate world.
I can't claim full credit for my suspicion. While I had the instinct that the emails seemed fishy, Paul Mah's five-step procedure for identifying phishing messages rescued me from data theft, malware or similar fates.
Since this experience, I keep his checklist in mind. Criminals get craftier and craftier; you simply can't let your guard down.