"Being Rickrolled is often funny," wrote Chester Wisniewski, a senior security advisor at Sophos, but "It could have been a much more dangerous phishing attack."
Phishing for personal information is a common practice for attackers who steal customer email databases from companies. During such data breaches, hackers obtain the email addresses and names of people who do business with the company they targeted. This information is usually enough to craft a believable phishing email.
In fact, the Rickroll email sent in Friedman's name instructs recipients to fill out a form. "We would like to hear from our loyal client base as to our handling of the recent intrusion by those deranged, sexually deviant criminal hacker terrorist masterminds. Please fill out the following form and return it to me," the rogue email reads.
The phrasing of this message should look suspicious to any recipient, since a large company's CEO is unlikely to use such terminology in an official email. The message is nevertheless similar, at least conceptually, to a phishing email.