Email Hacking
We are seeing an increase in the number of incidents where criminals are specifically targetting the Finance or HR departments at companies to gain funds or personal data. What to look out for:
You receive an email that appears to be from someone senior at your company.
The message requests financial information or other private data.
You receive a request for you to change your credentials with a link from a seemingly known source like gmail, apple or fedex with a link.
Something doesn’t seem right (why would you be getting this message?, why are there misspellings or grammatical mistakes, etc.) so you look more closely.
Sometimes the sender’s return address is suspicious (letters are switched, the email domain is not your company’s domain).
What’s going on?
You are being hacked!
A hack can mean someone gets your password and accesses your account.
But there are other ways to hack you.
One form of hack is called "spoofing". To spoof is to make an email appear as if it has come from a trusted source. The goal of the spoofed email is to obtain information of some kind, this is called "phishing". If you reply to the sender of this email you will actually be sending private information to a criminal.
Sometimes, there are subtle differences in the sending email address, for example, substituting a j for an i, or an l for an i. Other times the email address may actually display with no visible differences – it looks real.
Whenever you receive an email that requests sensitive information, even from a trusted source, you should take the following actions:
Closely inspect the sender’s email address
Contact the sender directly by phone or text and confirm the request was from them
If they did not author this email have them look in their Sent Items folder
If the email is found in Sent Items then, most likely, their email account has been compromised and they should immediately reset their password and inform their email provider
If you are notified that someone received an email from your account that you did not send, you should:
Check your Sent Items folder
If you find the email there
Change your email password right away
Contact anyone who was sent Spoofed emails and make sure they know you did not send the item in question, You will see the recipients in the TO:, CC: and BCC: fields.
If the email is not found in Sent Items
Let the recipient know that this was Spoofing/Phishing and should be deleted immediately
Contact your email provider. They may want a copy of the email and will instruct you how to send if safely.
You and your business are being targeted by criminals using this type of hack. Sadly it's the way of the world these days. We are here to offer guidance and best practices to deal with this. To learn more visit:
Your SureTech Solutions Team