This post breaks down a real phishing attempt that targeted ITP NZ members using a spoofed display name. It wasn’t a compromised account, but a crafted message designed to exploit familiarity and provoke a reply. By unpacking how this tactic works and what subtle signals gave it away, we hope to sharpen member awareness, encourage better reporting practices, and help readers think like an adversary. If you receive something suspicious, please send it as an attachment to info@itp.nz so the headers can be analysed properly.