
Email Hacking  

 

We are seeing an increase in the number of incidents where criminals specifically target the Finance or HR departments at companies to gain funds or personal data. What to look out for:

  • You receive an email that appears to be from someone senior at your company. 

  • The message requests financial information or other private data.  

  • You receive a request to change your credentials, with a link, from a seemingly known source like Gmail, Apple or FedEx.

  • Something doesn’t seem right (why would you be getting this message? why are there misspellings or grammatical mistakes? etc.), so you look more closely.

  • Sometimes the sender’s return address is suspicious (letters are switched, the email domain is not your company’s domain). 

What’s going on? 

 

You are being hacked! 

 

A hack can mean someone gets your password and accesses your account.

But there are other ways to hack you. 

 

One form of hack is called "spoofing". To spoof is to make an email appear as if it has come from a trusted source. The goal of the spoofed email is to obtain information of some kind; this is called "phishing". If you reply to the sender of this email, you will actually be sending private information to a criminal.

 

Sometimes, there are subtle differences in the sending email address, for example, substituting a j for an i, or an l for an i. Other times the email address may actually display with no visible differences – it looks real. 
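
The address inspection described above can also be automated. The following Python sketch is an added example, not part of the original article: it compares the sender's domain with your company's domain and flags near-misses. The domain `example.com` and the sample headers are constructed; folding "1" together with i/j/l and the display-name check are assumptions that go slightly beyond the substitutions the article lists.

```python
from email.utils import parseaddr

# Letters folded together before comparing. j/i and l/i are the substitutions
# named in the article; treating "1" the same way is an added assumption.
CONFUSABLE = str.maketrans({"j": "i", "l": "i", "1": "i"})

def skeleton(domain: str) -> str:
    """Lower-case the domain and fold look-alike letters into one form."""
    return domain.lower().translate(CONFUSABLE)

def osa_distance(a: str, b: str) -> int:
    """Edit distance in which swapping two adjacent letters is one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # switched letters
    return d[-1][-1]

def classify_sender(from_header: str, company_domain: str) -> str:
    """Classify a From: header relative to the company's own domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    company = company_domain.lower()
    if domain == company:
        # A matching address can still be spoofed or sent from a compromised
        # account, so a sensitive request still needs confirming by phone.
        return "exact-match"
    if skeleton(domain) == skeleton(company) or osa_distance(domain, company) <= 1:
        return "lookalike"
    if "@" + company in name.lower():
        return "display-name-mismatch"  # company address shown only as the name
    return "other"

# Constructed sample headers, for illustration only.
SAMPLES = ["Pat CEO <pat@example.com>", "Pat CEO <pat@exampie.com>",
           "Pat CEO <pat@exmaple.com>", '"pat@example.com" <pat@mailbox.test>']

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header, 'example.com'):22} {header}")
```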

 

Whenever you receive an email that requests sensitive information, even from a trusted source, you should take the following actions: 

  • Closely inspect the sender’s email address 

  • Contact the sender directly by phone or text and confirm the request was from them 

  • If they did not author this email, have them look in their Sent Items folder

  • If the email is found in Sent Items then, most likely, their email account has been compromised and they should immediately reset their password and inform their email provider  

If you are notified that someone received an email from your account that you did not send, you should: 

  • Check your Sent Items folder

  • If you find the email there:

      • Change your email password right away

      • Contact anyone who was sent spoofed emails and make sure they know you did not send the item in question. You will see the recipients in the TO:, CC: and BCC: fields.

  • If the email is not found in Sent Items:

      • Let the recipient know that this was spoofing/phishing and should be deleted immediately

      • Contact your email provider. They may want a copy of the email and will instruct you how to send it safely.

 

You and your business are being targeted by criminals using this type of hack. Sadly, it's the way of the world these days. We are here to offer guidance and best practices to deal with this. To learn more visit:

 

https://en.wikipedia.org/wiki/Phishing
https://en.wikipedia.org/wiki/Email_spoofing
 
If you have questions or want to discuss other security procedures, just contact us.
 
It is our pleasure to be supporting your IT Solutions.   

 

Your SureTech Solutions Team