How I Almost Fell for a Phishing Email
We’ve all heard about cyber awareness and how much our own habits determine whether we fall into cybercriminals’ traps. At Primend, helping people avoid those traps is part of our daily work:
- Our cybersecurity team keeps employees up to date on threats through regular trainings and phishing simulations.
- In marketing, we write blog posts and host webinars to raise awareness and keep our clients protected.
But despite all that, today I want to share a personal story of how I was almost caught by a phishing email—and how close I came to clicking the hook.
The Email That Almost Got Me
I’ve always considered myself careful. I check who the sender is, I look at the real email address, and I double-check the content for anything suspicious. At Primend, we talk about this constantly. I have to admit—there was a time when one of our security team’s phishing simulations managed to trick not only me but also many of my colleagues.
When the sender knows what they’re doing and the timing is just right, it’s surprisingly easy to get tricked—even when you know phishing is a risk.
So, what happened this time?
It was a regular Wednesday evening. I was half-watching Netflix on the couch, idly scrolling through my Gmail inbox. Among the usual newsletters, one subject line jumped out: “Notice of fine issued”—supposedly from E-TOIMIK (Estonia’s official online system for receiving and managing legal and government notices).
I was startled. Maybe I had sped somewhere without realizing it? Surely the police would know. I opened the email.
The sender looked like E-TOIMIK, but on mobile the full address wasn’t shown. The message said the Estonian Police and Border Guard Board were notifying me of a traffic violation (complete with date, time, and location) and that I had to confirm my identity to see the fine. At the bottom it even claimed the authenticity was guaranteed by the Estonian Information Systems Authority.
Feeling slightly embarrassed but mostly curious, I clicked the link. The page that opened felt… off. That’s when the alarm bells rang. I closed the page immediately and went straight to the official E-TOIMIK website—no fines waiting there.
The next morning, I was still unsettled. Logging in to E-TOIMIK this time from my computer, I noticed a discreet banner warning that exactly this type of phishing email was circulating. Looking at the email again on desktop, the red flags were obvious:
- The sender’s email address was illogical.
- The subject line lacked proper Estonian characters and felt clumsy.
- The listed date and time didn’t match reality—I hadn’t even used my car that day.
- The grammar was flawed throughout.
Why Did I Almost Fall for It?
- I was distracted, doing multiple things at once.
- I skimmed the text instead of reading carefully.
- I wasn’t sure how official traffic fine notifications are actually delivered.
- I’m naturally polite and responsible—my instinct was to quickly “fix” the problem.
Lessons I Learned
- Focus on one thing at a time—don’t click links while half-watching Netflix. Emails will still be there later.
- Mobile view hides details—it’s harder to spot red flags without the full desktop layout.
- Read carefully—especially when a message urges you to click a link.
- Phishing doesn’t just target work email—your personal inbox after office hours is fair game too.
This time, I got away with just a scare. But the experience reinforced that cyber awareness is a lifelong habit—you can never let your guard down. Honestly, without Primend’s trainings and simulations, I might not have recognized the trap in time.
How to Fight Phishing Like a Superhero
To wrap this up, I asked our cybersecurity expert Priit Timpson to share his top tips:
- Be suspicious – if it feels off, it probably is.
- Check the sender – is it really amazon.com or “amaz0n.ru”?
- Don’t click immediately – hover over the link first to see where it leads.
- Keep passwords sacred – never share them, not even with “IT support.”
- Use two-factor authentication – your magical shield.
- Delete suspicious emails – and mark them as spam.
- Spread the word – if you spot phishing, warn others!
The Bottom Line
Cybercriminals never sleep, and curiosity can be costly. But with the right habits and continuous awareness, you can stay one step ahead.
Want to know what solution we trust and use at Primend? Cybersecurity Check-up with Primend