You give a cursory glance to your email inbox – it’s another stack of messages from regular correspondents and your familiar spammy advertising letters.
But one email catches your eye. It is from a regular supplier but it looks “off” somehow:
- The sending email address matches the named sender
- It is the same email address that you have stored for this supplier
- The signature looks exactly the same as on his other emails
- BUT he’s asking you to enter your credentials to access a document.
What do you do now?
You have listened to and taken on board advice from your trusted IT advisers (Computer Troubleshooters, of course). Didn’t they tell you to be wary about clicking on email attachments? – Yes, they did, and here’s the blog where the dangers are explained.
As you are working from home, you are isolated from the colleagues whom you could normally consult.
Our client decided to reply to the email and got this response:
“The email is legitimate, i sent it to you
Login with your email to view the remittance.”
Regular readers of the Computer Troubleshooters blog will now realise that this response came from the hacker, and not from your trusted supplier!
This is an example of CEO fraud. The hacker gets access to the email account and takes control of emails and responses. You can think of the hacker as the Big, Bad Wolf in the tale of Little Red Riding Hood – the whole dastardly plan is explained in this blog.
What should you do?
We recommend that you take the option to phone a friend! Pick up the phone and call the sender – did they actually send the email or have they been hacked? Still unsure? Call the Troubleshooters. Get the sender to call us too!
Sure enough, in this case the supplier’s email had been hacked. No harm was done as nothing was clicked.
How can this situation be avoided?
- You can ensure that your company emails are secure with good password policies.
- You can implement spam filtering to stop dodgy emails landing in your inbox in the first place.
- You can consider some security training for your team, complete with phishing tests to see whether they are tempted by a dodgy email.
If you would like some advice on email security, or if you are feeling tempted to click, please give us a call. Computer Troubleshooters is happy to be your “phone a friend”!
Pick up the phone: 01732 300064