Why I Joined Hook Security: A Phishing Story (Where I Was the Target)

In the cybersecurity world, we often talk about "users" as the front line. We build complex stacks, hardened perimeters, and sophisticated SOCs, all to protect people from making one wrong click. But there’s a humbling truth we don’t often admit: even those of us who have spent 15 years building and selling these defenses are not immune.

Recently, while I was in the middle of a career transition and interviewing for my next role, I received an email that gave me pause. It wasn’t a "Nigerian Prince" scam or a poorly spelled "Your Netflix account is suspended" blast. It was a highly sophisticated, OSINT-informed (Open Source Intelligence) attack specifically designed to hook me, as seen in the screenshot below.

The Bait: A "Confidential" $400k Offer

The email looked legitimate at a glance. It claimed to be from a senior executive at a major financial institution—someone whose name actually carries weight in the business world. The subject line was perfect: “Confidential: Partner Recruitment Leadership – $275K–$400K | Cybersecurity.”

What made this attack dangerous wasn't just the branding; it was the relevance. The sender knew exactly who I was. They referenced my specific background at Datto, Evo Security, and Cork.

This attacker had done their homework. Even though my LinkedIn profile wasn’t set to “Open To Work,” they likely saw signals within my network from other sales employees transitioning from Cork.

The Red Flags

Despite the sophistication, the "Psychological Security" (PsySec) training I’ve advocated for years kicked in.

  1. The "From" Address: The name said "Bank of America," but the email address was a generic Gmail account: monicaclozano.bankofamerica@gmail.com. A global bank doesn't use Gmail for confidential executive searches.
  2. The Mismatched Persona: The person they were impersonating is a high-level board member and former CEO, not a frontline recruiter for a "Head of Partner Acquisition" role.
  3. The Emotional Trigger: It hit on a moment of transition—a time when anyone is more likely to be expectant of, and therefore less cynical about, a recruitment reach-out.
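
Red flag 1 is the one a mail filter can check mechanically. The sketch below is an added example, not part of the original post or any Hook Security product: it parses a From header and flags a brand in the display name or local part when the sending domain is not one the brand owns. The brand-to-domain map and the free-mail list are illustrative assumptions.

```python
import re
from email.utils import parseaddr

# Assumed allowlist: brand -> domains it legitimately sends from (illustrative).
BRAND_DOMAINS = {"bank of america": {"bankofamerica.com"}}
# Assumed short list of consumer mail providers (illustrative, not exhaustive).
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}


def squash(text):
    """Lowercase and drop everything but a-z/0-9 so 'Bank of America',
    'bank.of.america' and 'BankOfAmerica' all compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_from(header):
    """Return a list of findings for one From header value."""
    name, addr = parseaddr(header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        # Exact domain or a true subdomain counts as legitimate;
        # 'bankofamerica.com.example.net' does not.
        if domain in domains or any(domain.endswith("." + d) for d in domains):
            continue
        key = squash(brand)
        if key in squash(name):
            findings.append("display-name-brand-mismatch")
        if key in squash(local):
            findings.append("brand-in-local-part")
    # Free-mail only matters once a brand claim is present, so ordinary
    # personal Gmail senders are not flagged.
    if findings and domain in FREE_MAIL:
        findings.append("free-mail-sender")
    return findings


if __name__ == "__main__":
    # Constructed header: display name and address as described in red flag 1.
    sample = '"Bank of America" <monicaclozano.bankofamerica@gmail.com>'
    print(check_from(sample))
```

This catches plain-ASCII impersonation only; display names using look-alike Unicode characters would need normalization before the comparison.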

Why This Led Me to Hook Security

This experience reinforced a core belief of mine: No matter how good your software is, the weakest link is always going to be the user. If this attack could happen to me, it could happen to you or your clients.

If an attacker is willing to spend the time to research my specific career trajectory just to get me to click a link or join a "confidential" call, imagine what they are doing to the clients of your MSP. They are targeting the emotions of your partners’ employees—their curiosity, their fear, and their professional ambitions.

I joined Hook Security as VP of Sales because Hook truly understands this human element. We don't just provide a check-the-box compliance tool. We provide "Psychological Security" training that prepares people for the reality of modern, highly targeted attacks.

By creating a product with no long-term contracts, no large minimums, and a price-lock guarantee, Hook has made it easy for every MSP to protect their most vulnerable surface: their people.