We want to keep you informed with the latest technology tips, and alert you to two recent email scams affecting our clients so you can protect yourself and your information:
Email Scams – Stay Alert!
The first email scam is an attempt to obtain your email login information, and it typically targets the main email providers (Yahoo, AOL, Hotmail, and Gmail). The second one is a very sophisticated money transfer scam and is most likely the result of someone gaining access to your email account by using the first scam.
Email Scam #1
- You will receive an email from a contact you know (most likely because they fell for the scam).
- The email will say something like “Your Contact (insert name here) Used Dropbox to Share a File with You!”
- The email will contain a link to “Dropbox” and look very much like Dropbox, but if you hover your mouse over the link you’ll notice that the address it points to is not on http://www.dropbox.com. It will resemble something more like http://www.fakedomain.com/dropbox/dropbox/index.php, where the domain is fakedomain.com and “dropbox” appears only in the path after it.
- Clicking on this link will bring up a webpage with the four main email providers’ logos (Yahoo, AOL, Hotmail and Gmail), which looks very official. You may be coaxed into clicking on your email provider’s logo to gain access to the shared file that you think is from Dropbox. Clicking a logo brings up what appears to be a login page for your email provider, but be warned: it’s not!
- “Logging in” with your credentials simply supplies the hackers with what they need.
- Your email account will then be used to pass this scam on.
What you can do to protect yourself:
- Review password do’s and don’ts online.
- Never click on links in emails without first hovering your mouse over them to verify the domain.
- Never log in to email from a link you clicked. Go directly to the webpage yourself.
- Never use your email password for any other online services. It’s tempting to do, but if the site on which you use your password is untrustworthy or insecure, you are at risk.
- When in doubt, call the contact that sent you the email in question to make sure the email is legitimate.
What you can do if your account has been compromised:
- Change your email password immediately.
- Enable two-factor authentication.
Email Scam #2
- The hacker has gained access to or spoofed your email account via a scam like the one detailed above.
- They monitor your incoming and outgoing emails to gather information about your company, position, relationships, business practices, routines, etc.
- They send an email that appears to come from you to the CEO/owner’s personal assistant, requesting a wire transfer. This often isn’t caught right away because it seems to be a normal request from you to the personal assistant on the CEO/owner’s behalf. It will often reference a recent trip, upcoming trip, or art purchase that isn’t out of step with the CEO/owner’s lifestyle.
- The money transfer amount may differ, but the preferred amount seems to be $45,000.
- They request that the money be transferred to a Malaysian bank.
What you can do to protect yourself:
- Never transfer money without confirming that the request came from the real person.
What you can do if you have been compromised:
- Immediately consult a professional, as your computer may be compromised, in which case even a password change may be monitored by the hackers.
- Put protection in place against “spoofing,” in which people outside your organization send email that looks like it comes from within your organization. Consult with a Decypher professional right away to implement this fix and scan your computer to ensure it has not been compromised.
If you have any questions about how to deal with email scams or you believe your account has been compromised, please don’t hesitate to reach out to us for help. Call us today at 970.373.5428.
President | Business Development Manager